Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Wago Subscribe
Total 85 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12550 1 Wago 6 852-1305, 852-1305 Firmware, 852-1505 and 3 more 2019-06-19 10.0 HIGH 9.8 CRITICAL
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
CVE-2018-16210 1 Wago 2 Wago 750-881 Ethernet Controller Devices, Wago 750-881 Ethernet Controller Devices Firmware 2019-05-13 4.3 MEDIUM 6.1 MEDIUM
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
CVE-2016-9362 1 Wago 7 750-8202, 750-881, 750-xxxx Series Firmware and 4 more 2017-06-28 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.
CVE-2012-4879 1 Wago 1 Wago I\/o System 758 Industrial Pc Device 2013-10-11 10.0 HIGH N/A
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.
CVE-2012-3013 1 Wago 1 Wago I\/o System 758 Industrial Pc Device 2013-10-08 10.0 HIGH N/A
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session.