Every CVE whose affected-product data names Wago Pfc200 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2022-45138 — CVSS 9.8 (critical): The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be…
CVE-2018-5459 — CVSS 9.8 (critical): An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute…
CVE-2019-5082 — CVSS 9.8 (critical): An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version…
CVE-2023-1698 — CVSS 9.8 (critical): In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device…
CVE-2022-45140 — CVSS 9.8 (critical): The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to…
CVE-2019-5161 — CVSS 9.1 (critical): An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14)…
CVE-2016-9362 — CVSS 9.1 (critical): An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016)…
CVE-2019-5160 — CVSS 9.1 (critical): An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions…
CVE-2019-5175 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version…
CVE-2019-5166 — CVSS 7.8 (high): An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version…
CVE-2019-5167 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version…
CVE-2019-5168 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version…
CVE-2019-5169 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version…
CVE-2019-5170 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version…
CVE-2019-5171 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version…
CVE-2019-5172 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version…
CVE-2019-5173 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version…
CVE-2019-5174 — CVSS 7.8 (high): An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version…
CVE-2019-5178 — CVSS 7.8 (high): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2019-5179 — CVSS 7.8 (high): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2019-5180 — CVSS 7.8 (high): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2019-5181 — CVSS 7.8 (high): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2019-5184 — CVSS 7.8 (high): An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML…
CVE-2019-5149 — CVSS 7.5 (high): The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web…
CVE-2019-5134 — CVSS 7.5 (high): An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of…
CVE-2019-5156 — CVSS 7.2 (high): An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14)…
CVE-2020-6090 — CVSS 7.2 (high): An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A…
CVE-2019-5157 — CVSS 7.2 (high): An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions…
CVE-2019-5155 — CVSS 7.2 (high): An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating…
CVE-2019-5186 — CVSS 7.0 (high): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200…
CVE-2019-5185 — CVSS 7.0 (high): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200…
CVE-2022-45137 — CVSS 6.1 (medium): The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users…
CVE-2022-3738 — CVSS 5.9 (medium): The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain…
CVE-2019-5177 — CVSS 5.5 (medium): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2019-5182 — CVSS 5.5 (medium): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2019-5176 — CVSS 5.5 (medium): An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC…
CVE-2023-3379 — CVSS 5.3 (medium): Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of…
CVE-2019-5135 — CVSS 5.3 (medium): An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web…
CVE-2022-45139 — CVSS 5.3 (medium): A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the…
CVE-2023-4089 — CVSS 2.7 (low): On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an…