Every CVE whose affected-product data names Wago Pfc100 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-1698 — CVSS 9.8 (critical): In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device…
CVE-2019-5082 — CVSS 9.8 (critical): An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version…
CVE-2022-45138 — CVSS 9.8 (critical): The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be…
CVE-2022-45140 — CVSS 9.8 (critical): The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to…
CVE-2019-5149 — CVSS 7.5 (high): The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web…
CVE-2019-5134 — CVSS 7.5 (high): An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of…
CVE-2022-45137 — CVSS 6.1 (medium): The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users…
CVE-2022-3738 — CVSS 5.9 (medium): The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain…
CVE-2022-45139 — CVSS 5.3 (medium): A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the…
CVE-2019-5135 — CVSS 5.3 (medium): An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web…
CVE-2023-3379 — CVSS 5.3 (medium): Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of…
CVE-2023-4089 — CVSS 2.7 (low): On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an…