CPE Details
WAGO 762-4306/8000-002
-
2022-03-17
19h33 +00:00
19h33 +00:00
2022-04-07
15h13 +00:00
15h13 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:h:wago:762-4306\/8000-002:-:*:*:*:*:*:*:*
Informations
Vendor
wagoProduct
762-4306\/8000-002Version
-Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | 7.8 |
Haute |
||
| In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. | 9.8 |
Critique |
||
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | 7.5 |
Haute |
||
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. | 8.2 |
Haute |
||
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 9.1 |
Critique |
||
| Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. | 5.4 |
Moyen |
2025©
tesweb SA
