VDE-2023-039
March 13, 2024, 9:30 AM
The Web-Based Management (WBM) of WAGO's programmable logic controller (PLC) is typically used for administration, commissioning, and updates. The option to change the configuration data via tools or the web-based-management …
VDE-2024-014
June 5, 2025, 3:28 PM
Several WAGO firmwares are vulnerable to a remote attack that allows bypassing the integrity check through OpenSSH. This so-called Terrapin attack occurs because of a mishandled handshake phase.
VDE-2024-007
Jan. 22, 2024, 8:00 AM
A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation in JavaScript, both used in CodeMeter Runtime, affect multiple products by WAGO. WIBU-SYSTEMS CodeMeter is installed by default …
VDE-2023-044
Dec. 5, 2023, 8:00 AM
The library WagoAppRTU, which is part of the WAGO Telecontrol Configurator, is prone to improper input validation. By sending specially crafted MMS packets, an attacker can trigger a denial-of-service condition.
VDE-2023-045
Dec. 5, 2023, 8:00 AM
An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.
VDE-2023-037
Nov. 21, 2023, 8:00 AM
Affected products are vulnerable to remote code execution by an attacker via command injection in the web-based management.
VDE-2023-015
Nov. 20, 2023, 8:00 AM
There is a misconfiguration of access rights to a configuration tool of the web-based-management for a specific user, which allows resetting the passwords of other users (except root). This allows …
VDE-2023-046
April 28, 2025, 12:00 PM
An attacker with administrative privileges who can access sensitive files can additionally access them in an unintended, undocumented way.