WAGO: Vulnerabilities in CODESYS Control

The following firmware versions installed on several devices are vulnerable due to a vulnerability in the CODESYS Control V3 web server.



WAGO: Vulnerability in WAGO Navigator

The WAGO Navigator versions 1.0.1 and 1.0 are vulnerable due to the use of the WiX toolset version 3.11.2.



The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning, and updates.

The option to change the configuration data via tools or the web-based-management enabled attackers to prepare cross-site-scripting attacks and under specific circumstances perform remote code execution.



A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation in Javascript, both used in CodeMeter Runtime affecting multiple products by WAGO. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations.



An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.



Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0