CPE-7E86BB8A-6FFF-42FF-A4F3-237836275D63 Detail

CPE Details

WAGO Pfc100 Firmware 16

Vendor

wago

Product

pfc100_firmware

Version

Created

2023-09-28
06h35 +00:00

Modified

2023-09-28
06h35 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:o:wago:pfc100_firmware:16:::::::*

Informations

Vendor

wago

Product

pfc100_firmware

Version

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-3379	2023-11-20 07h23 +00:00	Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.	5.3	Medium
CVE-2023-4089	2023-10-17 06h00 +00:00	On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.	2.7	Low
CVE-2022-45140	2023-02-27 14h36 +00:00	The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.	9.8	Critical
CVE-2022-45139	2023-02-27 14h36 +00:00	A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality.	5.3	Medium
CVE-2022-45138	2023-02-27 14h36 +00:00	The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.	9.8	Critical
CVE-2022-45137	2023-02-27 14h36 +00:00	The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability.	6.1	Medium
CVE-2022-3738	2023-01-19 11h27 +00:00	The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.	5.9	Medium

WAGO Pfc100 Firmware 16

CPE Details

CPE Name: cpe:2.3:o:wago:pfc100_firmware:16:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:o:wago:pfc100_firmware:16:::::::*