During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.
The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands running with higher privileges.
Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access to the file system. The WAGO Device Manager is a software for configuring and parameterizing single WAGO products, which is included in the firmware. These vulnerabilities could be exploited by attackers to send requests and read server responses through crafted web applications or to access the file system.
Update Version 1.1.0, 04.07.2025: Removed incorrect custom firmware versions.
The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.
The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.
Nozomi Networks reported a vulnerability in the pfc firmware sdk-G2 of libwagosnmp. The WAGO pfc-firmware-sdk-G2 is a software development kit designed for WAGO PFC devices which allows developers to build and customize the firmware.
Several WAGO Firmwares are vulnerable to an incorrect calculation of the buffer size in the CODESYS OPC UA STACK. This can lead to a crash of the runtime of the affected firmware versions installed on several devices.
The following firmware versions installed on several devices are are vulnerable due to a vulnerability in CODESYS Control.