VDE-2020-008
Mai 14, 2025, 2:53 nachm.
The Cloud Connectivity of the WAGO PLCs is used to connect the device with the cloud services from different providers. It also supports maintenance functionality with the firmware update function …
VDE-2020-007
März 9, 2020, 10:10 vorm.
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for commissioning and update. The controller is an embedded device which has limited resources. The vulnerability described …
VDE-2020-004
Mai 14, 2025, 3:00 nachm.
The communication between e!Cockpit and the programmable logic controller is not encrypted. The broken cryptographic algorithm allows an attacker to decode the password for the e!Cockpit communication and with this …
VDE-2019-022
Dez. 16, 2019, 10:00 vorm.
The reported vulnerabilities allow a remote attacker to change the setting, delete the application, set the device to factory defaults, code execution and to cause a system crash or denial …
VDE-2019-017
Mai 14, 2025, 2:28 nachm.
The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations. **Update, 18.9.2019, 18:30** * fixed typo in modelname, replaced PCF with …
VDE-2019-013
Juni 12, 2019, 12:25 nachm.
Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.
VDE-2018-013
Sept. 22, 2025, 12:00 nachm.
The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets. Please consult the original paper for details (link at the bottom of this advisory).
VDE-2018-010
Mai 22, 2025, 3:03 nachm.
An unauthenticated user can exploit a vulnerability (CVE-2018-12981) to inject code in the WBM via reflected cross-site scripting (XSS), if he is able trick a user to open a special …