VDE-2020-006
May 14, 2025, 2:28 PM
With special crafted requests it is possible to get sensitive information, in this case the password hashes, by measuring response delay. With a substantial amount of time this data can …
VDE-2020-011
May 22, 2025, 3:03 PM
An attacker needs an authorized login on the device in order to exploit the herein mentioned vulnerabilities. The reported vulnerabilities allow a local attacker with valid login credentials who is …
VDE-2020-010
March 9, 2020, 10:25 AM
An attacker needs an authorized login with administrative privileges on the device in order to exploit the herein mentioned vulnerability. The weakness allows an attacker which has admin privileges on …
VDE-2020-009
May 22, 2025, 3:03 PM
The firmware update package (WUP) is not signed entirely. The used password offers no additional security, it is just meant to protect from unintentional modifications of the WUP file. Thus …
VDE-2020-008
May 14, 2025, 2:53 PM
The Cloud Connectivity of the WAGO PLCs is used to connect the device with the cloud services from different providers. It also supports maintenance functionality with the firmware update function …
VDE-2020-007
March 9, 2020, 10:10 AM
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for commissioning and update. The controller is an embedded device which has limited resources. The vulnerability described …
VDE-2020-004
May 14, 2025, 3:00 PM
The communication between e!Cockpit and the programmable logic controller is not encrypted. The broken cryptographic algorithm allows an attacker to decode the password for the e!Cockpit communication and with this …
VDE-2020-003
May 14, 2025, 2:28 PM
Multiple Vulnerabilities exist in components used by the aforementioned products. See CVE-Details for more information.