Search
Find a vulnerability
Search criteria
274 vulnerabilities by wago
CVE-2023-5872 (GCVE-0-2023-5872)
Vulnerability from nvd – Published: 2026-04-16 04:55 – Updated: 2026-04-16 12:59
VLAI
Title
Wago: Vulnerability in Smart Designer Web-Application
Summary
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://certvde.com/de/advisories/VDE-2023-045 | |
| https://wago.csaf-tp.certvde.com/.well-known/csaf… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | Smart Designer |
Affected:
0.0.0 , ≤ 2.33.1
(semver)
|
Date Public
2023-12-05 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T12:59:20.406412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:59:27.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Designer",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "2.33.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wago:smart_designer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.33.1",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Brett Dewall from White Oak Security"
}
],
"datePublic": "2023-12-05T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T04:55:36.146Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2023-045"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json"
}
],
"source": {
"advisory": "VDE-2023-045",
"discovery": "UNKNOWN"
},
"title": "Wago: Vulnerability in Smart Designer Web-Application",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-5872",
"datePublished": "2026-04-16T04:55:36.146Z",
"dateReserved": "2023-10-31T07:22:47.201Z",
"dateUpdated": "2026-04-16T12:59:27.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1490 (GCVE-0-2024-1490)
Vulnerability from nvd – Published: 2026-04-09 10:52 – Updated: 2026-04-09 16:15
VLAI
Title
Wago: Vulnerability in WBM through Open VPN
Summary
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://certvde.com/de/advisories/VDE-2024-008 | |
| https://wago.csaf-tp.certvde.com/.well-known/csaf… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | CC100 (0751-9x01) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | PFC100 G1 (0750-810-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 3.10.10
(semver)
|
|
| WAGO | PFC100 G2 (0750-811x-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | PFC200 G1 (750-820x-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 3.10.10
(semver)
|
|
| WAGO | PFC200 G2 (750-821x-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-420x-8000-000x) |
Affected:
0.0.0 , ≤ FW 26
(semver)
|
|
| WAGO | TP600 (0762-430x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-520x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-530x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-620x-8000-000x) |
Affected:
0.0.0
|
|
| WAGO | TP600 (0762-630x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | Edge Controller (0752-8303-8000-0002) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | WP400 (0762-340x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:27:36.814209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:15:38.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 (0751-9x01)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G1 (0750-810-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "3.10.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G2 (0750-811x-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G1 (750-820x-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "3.10.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 (750-821x-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-420x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW 26",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-430x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-520x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-530x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-620x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "0.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-630x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (0752-8303-8000-0002)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP400 (0762-340x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeroen Wijenbergh, Floris Hendriks from Radboud University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.\u003cbr\u003e"
}
],
"value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T10:52:41.174Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2024-008"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json"
}
],
"source": {
"advisory": "VDE-2024-008",
"defect": [
"CERT@VDE#64648"
],
"discovery": "EXTERNAL"
},
"title": "Wago: Vulnerability in WBM through Open VPN",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-1490",
"datePublished": "2026-04-09T10:52:41.174Z",
"dateReserved": "2024-02-14T15:20:27.403Z",
"dateUpdated": "2026-04-09T16:15:38.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2328 (GCVE-0-2026-2328)
Vulnerability from nvd – Published: 2026-03-30 06:55 – Updated: 2026-03-30 18:08
VLAI
Title
Backend Access Due to Insufficient Input Validation
Summary
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-790 - Improper Filtering of Special Elements
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Device Sphere |
Affected:
0.0.0 , < 1.2.2
(semver)
|
|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.4.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T18:07:40.900442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T18:08:02.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Sphere",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.4.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marvin Ramsperger from SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T06:55:31.424Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-010"
}
],
"source": {
"advisory": "VDE-2026-010",
"defect": [
"CERT@VDE#641951"
],
"discovery": "UNKNOWN"
},
"title": "Backend Access Due to Insufficient Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-2328",
"datePublished": "2026-03-30T06:55:31.424Z",
"dateReserved": "2026-02-11T08:12:03.792Z",
"dateUpdated": "2026-03-30T18:08:02.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3587 (GCVE-0-2026-3587)
Vulnerability from nvd – Published: 2026-03-23 07:49 – Updated: 2026-03-24 07:38
VLAI
Title
Hidden CLI Function Allows Root Access
Summary
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Lean Managed Switch 852-1812 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813-000-001 |
Affected:
0.0.0 , < V1.2.3.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1816 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-303 |
Affected:
0.0.0 , < V1.2.8.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1305 |
Affected:
0.0.0 , < V1.2.0.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1305-000-001 |
Affected:
0.0.0 , < V1.2.0.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1505-000-001 |
Affected:
0.0.0 , < V1.2.0.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1505 |
Affected:
0.0.0 , < V1.1.9.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-602 |
Affected:
0.0.0 , < V1.0.6.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-603 |
Affected:
0.0.0 , < V1.0.6.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1605 |
Affected:
0.0.0 , < V1.2.5.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1812-010-000 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813-010-000 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1816-010-000 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813/010-001 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T14:05:17.517159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T14:05:54.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1812",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813-000-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.3.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1816",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-303",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.8.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.0.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1305-000-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.0.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1505-000-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.0.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.1.9.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-602",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.0.6.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-603",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.0.6.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1605",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.5.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1812-010-000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813-010-000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1816-010-000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813/010-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
}
],
"value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T07:38:36.602Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-020"
}
],
"source": {
"advisory": "VDE-2026-020",
"defect": [
"CERT@VDE#641971"
],
"discovery": "UNKNOWN"
},
"title": "Hidden CLI Function Allows Root Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-3587",
"datePublished": "2026-03-23T07:49:17.325Z",
"dateReserved": "2026-03-05T09:44:25.876Z",
"dateUpdated": "2026-03-24T07:38:36.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22906 (GCVE-0-2026-22906)
Vulnerability from nvd – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:31
VLAI
Title
Hardcoded Key Allows Credential Disclosure
Summary
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:29:06.439394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:31:17.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User credentials are stored using AES\u2011ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.\u003cbr\u003e"
}
],
"value": "User credentials are stored using AES\u2011ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:40:33.546Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Key Allows Credential Disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22906",
"datePublished": "2026-02-09T07:40:33.546Z",
"dateReserved": "2026-01-13T08:33:25.684Z",
"dateUpdated": "2026-02-09T15:31:17.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22905 (GCVE-0-2026-22905)
Vulnerability from nvd – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:33
VLAI
Title
Authentication Bypass via URI Traversal
Summary
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:33:12.951248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:33:33.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:40:17.801Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass via URI Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22905",
"datePublished": "2026-02-09T07:40:17.801Z",
"dateReserved": "2026-01-13T08:33:25.684Z",
"dateUpdated": "2026-02-09T15:33:33.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22904 (GCVE-0-2026-22904)
Vulnerability from nvd – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:34
VLAI
Title
Stack Overflow via Oversized Cookie Fields in lighttpd
Summary
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:34:33.982565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:34:53.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial\u2011of\u2011service condition and possible remote code execution.\u003cbr\u003e"
}
],
"value": "Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial\u2011of\u2011service condition and possible remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:40:00.484Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Stack Overflow via Oversized Cookie Fields in lighttpd",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22904",
"datePublished": "2026-02-09T07:40:00.484Z",
"dateReserved": "2026-01-13T08:33:25.683Z",
"dateUpdated": "2026-02-09T15:34:53.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22903 (GCVE-0-2026-22903)
Vulnerability from nvd – Published: 2026-02-09 07:39 – Updated: 2026-02-09 15:36
VLAI
Title
Stack Overflow via SESSIONID Cookie in lighttpd
Summary
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:36:08.801691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:36:36.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:39:42.537Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Stack Overflow via SESSIONID Cookie in lighttpd",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22903",
"datePublished": "2026-02-09T07:39:42.537Z",
"dateReserved": "2026-01-13T08:33:25.683Z",
"dateUpdated": "2026-02-09T15:36:36.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50926 (GCVE-0-2022-50926)
Vulnerability from nvd – Published: 2026-01-13 22:51 – Updated: 2026-01-14 19:19
VLAI
Title
WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation
Summary
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50793 | exploit |
| https://www.wago.com | product |
| https://www.vulncheck.com/advisories/wago-pfc-g-e… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | WAGO 750-8212 PFC200 |
Affected:
Firmware version 03.05.10(17)
|
Date Public
2022-02-16 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:50:07.390254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:19:35.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WAGO 750-8212 PFC200",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "Firmware version 03.05.10(17)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Momen Eldawakhly (Cyber Guy) at Cypro AB"
}
],
"datePublic": "2022-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie\u0027s \u0027name\u0027 and \u0027roles\u0027 parameters to elevate from ordinary user to administrative privileges without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:51:57.087Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50793",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50793"
},
{
"name": "Official Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.wago.com"
},
{
"name": "VulnCheck Advisory: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wago-pfc-g-eth-rs-privilege-escalation"
}
],
"title": "WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50926",
"datePublished": "2026-01-13T22:51:57.087Z",
"dateReserved": "2026-01-11T13:34:26.328Z",
"dateUpdated": "2026-01-14T19:19:35.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41716 (GCVE-0-2025-41716)
Vulnerability from nvd – Published: 2025-09-24 09:04 – Updated: 2025-09-24 13:03
VLAI
Title
Unauthenticated User Enumeration via Missing Authentication
Summary
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.3.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:03:29.670633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:03:53.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.\u003cbr\u003e"
}
],
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:33.971Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated User Enumeration via Missing Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41716",
"datePublished": "2025-09-24T09:04:33.971Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-09-24T13:03:53.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41715 (GCVE-0-2025-41715)
Vulnerability from nvd – Published: 2025-09-24 09:04 – Updated: 2025-09-24 13:07
VLAI
Title
Missing Authentication for Database Access in Web Application
Summary
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Device Sphere |
Affected:
0.0.0 , < 1.1.0
(semver)
|
|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.3.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:07:23.769369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:07:30.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Sphere",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.\u003c/p\u003e"
}
],
"value": "The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:22.835Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Database Access in Web Application",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41715",
"datePublished": "2025-09-24T09:04:22.835Z",
"dateReserved": "2025-04-16T11:17:48.312Z",
"dateUpdated": "2025-09-24T13:07:30.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41713 (GCVE-0-2025-41713)
Vulnerability from nvd – Published: 2025-09-15 08:00 – Updated: 2025-09-15 15:23
VLAI
Title
WAGO: Vulnerability in hardware switch circuit
Summary
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
48 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:23:05.302247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:23:17.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301 HW rev. \u0026lt;082100",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301/K000-0005",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301/K000-0005 HW rev. \u0026lt;082100",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9401",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9401 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402/0000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402/0000-0001 HW rev. \u0026lt;052800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402 HW rev. \u0026lt;032800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9403",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9403 HW rev. \u0026lt;022800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002 HW rev. 32500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4101",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4101 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4102",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4102 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4104",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4104 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0001 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4301/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4301/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4302/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4302/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4303/8000-0002 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4304/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4304/8000-0002 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4305/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4305/8000-0002 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0001 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0002 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5201/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5201/8000-0001 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5203/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5203/8000-0001 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5205/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5205/8000-0001 HW rev. \u0026lt;032500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5206/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5206/8000-0001 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration."
}
],
"value": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T08:00:50.241Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-083"
},
{
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-083.json"
}
],
"source": {
"advisory": "VDE-2025-083",
"defect": [
"CERT@VDE#641852"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Vulnerability in hardware switch circuit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41713",
"datePublished": "2025-09-15T08:00:50.241Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-15T15:23:17.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41664 (GCVE-0-2025-41664)
Vulnerability from nvd – Published: 2025-09-08 06:39 – Updated: 2025-09-08 16:03
VLAI
Title
Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates
Summary
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Coupler 0750-0362 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/0000-0001 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/0040-0000 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/K013-1080 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/K019-7576 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0363 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0363/0040-0000 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0364/0040-0010 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0365/0040-0010 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0366 |
Affected:
0 , < FW13
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T16:02:34.291705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T16:03:08.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/0000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/0040-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/K013-1080",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/K019-7576",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0363",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0363/0040-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0364/0040-0010",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0365/0040-0010",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0366",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.\u003cbr\u003e"
}
],
"value": "A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:39:19.566Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-048"
}
],
"source": {
"advisory": "VDE-2025-048",
"defect": [
"CERT@VDE#641798"
],
"discovery": "UNKNOWN"
},
"title": "Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41664",
"datePublished": "2025-09-08T06:39:19.566Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-09-08T16:03:08.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5872 (GCVE-0-2023-5872)
Vulnerability from cvelistv5 – Published: 2026-04-16 04:55 – Updated: 2026-04-16 12:59
VLAI
Title
Wago: Vulnerability in Smart Designer Web-Application
Summary
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://certvde.com/de/advisories/VDE-2023-045 | |
| https://wago.csaf-tp.certvde.com/.well-known/csaf… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | Smart Designer |
Affected:
0.0.0 , ≤ 2.33.1
(semver)
|
Date Public
2023-12-05 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T12:59:20.406412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:59:27.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Designer",
"vendor": "Wago",
"versions": [
{
"lessThanOrEqual": "2.33.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wago:smart_designer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.33.1",
"versionStartIncluding": "0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Brett Dewall from White Oak Security"
}
],
"datePublic": "2023-12-05T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T04:55:36.146Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2023-045"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-045.json"
}
],
"source": {
"advisory": "VDE-2023-045",
"discovery": "UNKNOWN"
},
"title": "Wago: Vulnerability in Smart Designer Web-Application",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-5872",
"datePublished": "2026-04-16T04:55:36.146Z",
"dateReserved": "2023-10-31T07:22:47.201Z",
"dateUpdated": "2026-04-16T12:59:27.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1490 (GCVE-0-2024-1490)
Vulnerability from cvelistv5 – Published: 2026-04-09 10:52 – Updated: 2026-04-09 16:15
VLAI
Title
Wago: Vulnerability in WBM through Open VPN
Summary
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://certvde.com/de/advisories/VDE-2024-008 | |
| https://wago.csaf-tp.certvde.com/.well-known/csaf… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | CC100 (0751-9x01) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | PFC100 G1 (0750-810-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 3.10.10
(semver)
|
|
| WAGO | PFC100 G2 (0750-811x-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | PFC200 G1 (750-820x-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 3.10.10
(semver)
|
|
| WAGO | PFC200 G2 (750-821x-xxxx-xxxx) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-420x-8000-000x) |
Affected:
0.0.0 , ≤ FW 26
(semver)
|
|
| WAGO | TP600 (0762-430x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-520x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-530x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | TP600 (0762-620x-8000-000x) |
Affected:
0.0.0
|
|
| WAGO | TP600 (0762-630x-8000-000x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | Edge Controller (0752-8303-8000-0002) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
|
| WAGO | WP400 (0762-340x) |
Affected:
0.0.0 , ≤ 4.5.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:27:36.814209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:15:38.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 (0751-9x01)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G1 (0750-810-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "3.10.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G2 (0750-811x-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G1 (750-820x-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "3.10.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 (750-821x-xxxx-xxxx)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-420x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "FW 26",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-430x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-520x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-530x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-620x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "0.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 (0762-630x-8000-000x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller (0752-8303-8000-0002)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WP400 (0762-340x)",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeroen Wijenbergh, Floris Hendriks from Radboud University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device.\u003cbr\u003e"
}
],
"value": "An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T10:52:41.174Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2024-008"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json"
}
],
"source": {
"advisory": "VDE-2024-008",
"defect": [
"CERT@VDE#64648"
],
"discovery": "EXTERNAL"
},
"title": "Wago: Vulnerability in WBM through Open VPN",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-1490",
"datePublished": "2026-04-09T10:52:41.174Z",
"dateReserved": "2024-02-14T15:20:27.403Z",
"dateUpdated": "2026-04-09T16:15:38.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2328 (GCVE-0-2026-2328)
Vulnerability from cvelistv5 – Published: 2026-03-30 06:55 – Updated: 2026-03-30 18:08
VLAI
Title
Backend Access Due to Insufficient Input Validation
Summary
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-790 - Improper Filtering of Special Elements
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Device Sphere |
Affected:
0.0.0 , < 1.2.2
(semver)
|
|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.4.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T18:07:40.900442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T18:08:02.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Sphere",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.4.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marvin Ramsperger from SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T06:55:31.424Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-010"
}
],
"source": {
"advisory": "VDE-2026-010",
"defect": [
"CERT@VDE#641951"
],
"discovery": "UNKNOWN"
},
"title": "Backend Access Due to Insufficient Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-2328",
"datePublished": "2026-03-30T06:55:31.424Z",
"dateReserved": "2026-02-11T08:12:03.792Z",
"dateUpdated": "2026-03-30T18:08:02.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3587 (GCVE-0-2026-3587)
Vulnerability from cvelistv5 – Published: 2026-03-23 07:49 – Updated: 2026-03-24 07:38
VLAI
Title
Hidden CLI Function Allows Root Access
Summary
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Lean Managed Switch 852-1812 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813-000-001 |
Affected:
0.0.0 , < V1.2.3.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1816 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-303 |
Affected:
0.0.0 , < V1.2.8.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1305 |
Affected:
0.0.0 , < V1.2.0.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1305-000-001 |
Affected:
0.0.0 , < V1.2.0.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1505-000-001 |
Affected:
0.0.0 , < V1.2.0.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1505 |
Affected:
0.0.0 , < V1.1.9.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-602 |
Affected:
0.0.0 , < V1.0.6.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-603 |
Affected:
0.0.0 , < V1.0.6.S0
(semver)
|
|
| WAGO | Industrial Managed Switch 852-1605 |
Affected:
0.0.0 , < V1.2.5.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1812-010-000 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813-010-000 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1816-010-000 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
|
| WAGO | Lean Managed Switch 852-1813/010-001 |
Affected:
0.0.0 , < V1.2.1.S0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T14:05:17.517159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T14:05:54.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1812",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813-000-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.3.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1816",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-303",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.8.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1305",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.0.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1305-000-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.0.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1505-000-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.0.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1505",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.1.9.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-602",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.0.6.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-603",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.0.6.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Managed Switch 852-1605",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.5.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1812-010-000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813-010-000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1816-010-000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switch 852-1813/010-001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "V1.2.1.S0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
}
],
"value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T07:38:36.602Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-020"
}
],
"source": {
"advisory": "VDE-2026-020",
"defect": [
"CERT@VDE#641971"
],
"discovery": "UNKNOWN"
},
"title": "Hidden CLI Function Allows Root Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-3587",
"datePublished": "2026-03-23T07:49:17.325Z",
"dateReserved": "2026-03-05T09:44:25.876Z",
"dateUpdated": "2026-03-24T07:38:36.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22906 (GCVE-0-2026-22906)
Vulnerability from cvelistv5 – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:31
VLAI
Title
Hardcoded Key Allows Credential Disclosure
Summary
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:29:06.439394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:31:17.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User credentials are stored using AES\u2011ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.\u003cbr\u003e"
}
],
"value": "User credentials are stored using AES\u2011ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:40:33.546Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Key Allows Credential Disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22906",
"datePublished": "2026-02-09T07:40:33.546Z",
"dateReserved": "2026-01-13T08:33:25.684Z",
"dateUpdated": "2026-02-09T15:31:17.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22905 (GCVE-0-2026-22905)
Vulnerability from cvelistv5 – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:33
VLAI
Title
Authentication Bypass via URI Traversal
Summary
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:33:12.951248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:33:33.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:40:17.801Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass via URI Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22905",
"datePublished": "2026-02-09T07:40:17.801Z",
"dateReserved": "2026-01-13T08:33:25.684Z",
"dateUpdated": "2026-02-09T15:33:33.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22904 (GCVE-0-2026-22904)
Vulnerability from cvelistv5 – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:34
VLAI
Title
Stack Overflow via Oversized Cookie Fields in lighttpd
Summary
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:34:33.982565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:34:53.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial\u2011of\u2011service condition and possible remote code execution.\u003cbr\u003e"
}
],
"value": "Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial\u2011of\u2011service condition and possible remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:40:00.484Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Stack Overflow via Oversized Cookie Fields in lighttpd",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22904",
"datePublished": "2026-02-09T07:40:00.484Z",
"dateReserved": "2026-01-13T08:33:25.683Z",
"dateUpdated": "2026-02-09T15:34:53.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22903 (GCVE-0-2026-22903)
Vulnerability from cvelistv5 – Published: 2026-02-09 07:39 – Updated: 2026-02-09 15:36
VLAI
Title
Stack Overflow via SESSIONID Cookie in lighttpd
Summary
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:36:08.801691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:36:36.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "2.64",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1322",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
},
{
"defaultStatus": "unaffected",
"product": "0852-1328",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "2.64"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diconium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T07:39:42.537Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2026-004"
}
],
"source": {
"advisory": "VDE-2026-004",
"defect": [
"CERT@VDE#641934"
],
"discovery": "UNKNOWN"
},
"title": "Stack Overflow via SESSIONID Cookie in lighttpd",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-22903",
"datePublished": "2026-02-09T07:39:42.537Z",
"dateReserved": "2026-01-13T08:33:25.683Z",
"dateUpdated": "2026-02-09T15:36:36.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-50926 (GCVE-0-2022-50926)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-01-14 19:19
VLAI
Title
WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation
Summary
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50793 | exploit |
| https://www.wago.com | product |
| https://www.vulncheck.com/advisories/wago-pfc-g-e… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wago | WAGO 750-8212 PFC200 |
Affected:
Firmware version 03.05.10(17)
|
Date Public
2022-02-16 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:50:07.390254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:19:35.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WAGO 750-8212 PFC200",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "Firmware version 03.05.10(17)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Momen Eldawakhly (Cyber Guy) at Cypro AB"
}
],
"datePublic": "2022-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie\u0027s \u0027name\u0027 and \u0027roles\u0027 parameters to elevate from ordinary user to administrative privileges without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:51:57.087Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50793",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50793"
},
{
"name": "Official Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.wago.com"
},
{
"name": "VulnCheck Advisory: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wago-pfc-g-eth-rs-privilege-escalation"
}
],
"title": "WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50926",
"datePublished": "2026-01-13T22:51:57.087Z",
"dateReserved": "2026-01-11T13:34:26.328Z",
"dateUpdated": "2026-01-14T19:19:35.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41716 (GCVE-0-2025-41716)
Vulnerability from cvelistv5 – Published: 2025-09-24 09:04 – Updated: 2025-09-24 13:03
VLAI
Title
Unauthenticated User Enumeration via Missing Authentication
Summary
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.3.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:03:29.670633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:03:53.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.\u003cbr\u003e"
}
],
"value": "The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:33.971Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Unauthenticated User Enumeration via Missing Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41716",
"datePublished": "2025-09-24T09:04:33.971Z",
"dateReserved": "2025-04-16T11:17:48.313Z",
"dateUpdated": "2025-09-24T13:03:53.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41715 (GCVE-0-2025-41715)
Vulnerability from cvelistv5 – Published: 2025-09-24 09:04 – Updated: 2025-09-24 13:07
VLAI
Title
Missing Authentication for Database Access in Web Application
Summary
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Device Sphere |
Affected:
0.0.0 , < 1.1.0
(semver)
|
|
| WAGO | Solution Builder |
Affected:
0.0.0 , < 2.3.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:07:23.769369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:07:30.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Device Sphere",
"vendor": "WAGO",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Solution Builder",
"vendor": "WAGO",
"versions": [
{
"lessThan": "2.3.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.\u003c/p\u003e"
}
],
"value": "The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T09:04:22.835Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-087"
}
],
"source": {
"advisory": "VDE-2025-087",
"defect": [
"CERT@VDE#641858"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Database Access in Web Application",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41715",
"datePublished": "2025-09-24T09:04:22.835Z",
"dateReserved": "2025-04-16T11:17:48.312Z",
"dateUpdated": "2025-09-24T13:07:30.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41713 (GCVE-0-2025-41713)
Vulnerability from cvelistv5 – Published: 2025-09-15 08:00 – Updated: 2025-09-15 15:23
VLAI
Title
WAGO: Vulnerability in hardware switch circuit
Summary
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
48 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:23:05.302247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:23:17.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301 HW rev. \u0026lt;082100",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301/K000-0005",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9301/K000-0005 HW rev. \u0026lt;082100",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9401",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9401 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402/0000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402/0000-0001 HW rev. \u0026lt;052800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9402 HW rev. \u0026lt;032800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9403",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9403 HW rev. \u0026lt;022800",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002 HW rev. 32500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4101",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4101 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4102",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4102 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4104",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4104 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0001 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4201/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4301/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4301/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4302/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4302/8000-0002 HW rev. \u0026lt;072500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4303/8000-0002 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4304/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4304/8000-0002 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4305/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4305/8000-0002 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0001 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-4306/8000-0002 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5201/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5201/8000-0001 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5203/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5203/8000-0001 HW rev. \u0026lt;062500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5204/8000-0001 HW rev. \u0026lt;052500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5205/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5205/8000-0001 HW rev. \u0026lt;032500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5206/8000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "HW",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-5206/8000-0001 HW rev. \u0026lt;042500",
"vendor": "WAGO",
"versions": [
{
"lessThan": "04.08.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration."
}
],
"value": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T08:00:50.241Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-083"
},
{
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-083.json"
}
],
"source": {
"advisory": "VDE-2025-083",
"defect": [
"CERT@VDE#641852"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Vulnerability in hardware switch circuit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41713",
"datePublished": "2025-09-15T08:00:50.241Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-15T15:23:17.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41664 (GCVE-0-2025-41664)
Vulnerability from cvelistv5 – Published: 2025-09-08 06:39 – Updated: 2025-09-08 16:03
VLAI
Title
Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates
Summary
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| WAGO | Coupler 0750-0362 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/0000-0001 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/0040-0000 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/K013-1080 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0362/K019-7576 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0363 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0363/0040-0000 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0364/0040-0010 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0365/0040-0010 |
Affected:
0 , < FW13
(semver)
|
|
| WAGO | Coupler 0750-0366 |
Affected:
0 , < FW13
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T16:02:34.291705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T16:03:08.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/0000-0001",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/0040-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/K013-1080",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0362/K019-7576",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0363",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0363/0040-0000",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0364/0040-0010",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0365/0040-0010",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Coupler 0750-0366",
"vendor": "WAGO",
"versions": [
{
"lessThan": "FW13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.\u003cbr\u003e"
}
],
"value": "A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:39:19.566Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-048"
}
],
"source": {
"advisory": "VDE-2025-048",
"defect": [
"CERT@VDE#641798"
],
"discovery": "UNKNOWN"
},
"title": "Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41664",
"datePublished": "2025-09-08T06:39:19.566Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-09-08T16:03:08.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202002-1458
Vulnerability from variot - Updated: 2026-04-10 22:02eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP. Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data. An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Link Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory http://git.savannah.nongnu.org/cgit/lwip.git.This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). A Proof-of-Concept exploit for PPTP VPN Servers with additional tools are available in the by CERT/CC PoC repository. By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. ppp Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state.
For the oldstable distribution (stretch), this problem has been fixed in version 2.4.7-1+4+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 2.4.7-2+4.1+deb10u1.
For the detailed security status of ppp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ppp
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5REqZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SD8g/9Ff6xy7FrjoHactYr1UIlubUzQvHRkou9rNWjCpos0GlTaUtYY8GIEwyT GyngmqnOnghAHw+ZrvIvJbRDfLpSsa/5V6D6Fa3v9U0RXcHM71fnLqB4KOuH8c4l cdt2zJjtmnsJFsnla1HOIB46QEfN9rBKzi5uBVBPRejFcbpzq5U3wHtb4C8w7Q3v hlPK8GDppQcT2fA7Zl3MlRy3TkmpWjq3TT3E5vjnrh2TQ4ObnmeYOSCY0d/s7pM/ pQ3bFfNZhNiWievJgMyXRFjPf132d97w0MOzrR7tTzJJfBOk8ym+yhC6c6caXycg 9ml5B2BTHZvwSRiLCE9QOtjRDrlCe69j1FzCPNibkDnJXMo/qMUbpvk/iOC0945X /LGRgLySMufDsRF6bYc0TMpLc2S9WgTFIss7gGN6GgkuHqU95N7lwvf2WqrFYJeg JAP0X+1PQhfsq06IkG5tsnYm8Dc6au8mD/+u6ADY+jUV7cFHIlbgwm/ciFjYe1N7 VZwFKnKjuokH79A6S8TW+xvlqfH/20YTtMrrQX6fZd1gqWwWjBmAWY0fPGetiVl0 yCt9OiBZG3P2FqerAeUB2fRfRaFXBmTUzxQc00D5WlAOZ7qh+6/qyh04Re6jq4zI euFQYtUBSLJxB+ZK5DuFUbYQUXodIXHRaW3t/1ydru7W/3arZrI= =abUf -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4288-2 March 02, 2020
ppp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
ppp could be made to crash or run programs if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ppp incorrectly handled certain rhostname values.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: ppp 2.4.5-5.1ubuntu2.3+esm1
Ubuntu 12.04 ESM: ppp 2.4.5-5ubuntu1.3
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0630-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0630 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 =====================================================================
- Summary:
An update for ppp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.
Security Fix(es):
- ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
ppc64: ppp-2.4.5-34.el7_7.ppc64.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm
ppc64le: ppp-2.4.5-34.el7_7.ppc64le.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm
s390x: ppp-2.4.5-34.el7_7.s390x.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: ppp-debuginfo-2.4.5-34.el7_7.ppc.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm ppp-devel-2.4.5-34.el7_7.ppc.rpm ppp-devel-2.4.5-34.el7_7.ppc64.rpm
ppc64le: ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm ppp-devel-2.4.5-34.el7_7.ppc64le.rpm
s390x: ppp-debuginfo-2.4.5-34.el7_7.s390.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm ppp-devel-2.4.5-34.el7_7.s390.rpm ppp-devel-2.4.5-34.el7_7.s390x.rpm
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ppp-2.4.5-34.el7_7.src.rpm
x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby 1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/ p1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj 2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz 91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK JMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX tEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu iLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL TVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/ nyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0 nTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO iXgkiSqdt/o= =Fzi6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 202003-19
https://security.gentoo.org/
Severity: High Title: PPP: Buffer overflow Date: March 15, 2020 Bugs: #710308 ID: 202003-19
Synopsis
A buffer overflow in PPP might allow a remote attacker to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dialup/ppp < 2.4.8 >= 2.4.8
Description
It was discovered that bounds check in PPP for the rhostname was improperly constructed in the EAP request and response functions.
Workaround
There is no known workaround at this time.
Resolution
All PPP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.8"
References
[ 1 ] CVE-2020-8597 https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "point-to-point protocol",
"scope": "lte",
"trust": 1.0,
"vendor": "point to point protocol",
"version": "2.4.8"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "point-to-point protocol",
"scope": "gte",
"trust": 1.0,
"vendor": "point to point protocol",
"version": "2.4.2"
},
{
"_id": null,
"model": "pfc",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.04.10\\(16\\)"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"_id": null,
"model": "point-to-point protocol",
"scope": "eq",
"trust": 0.8,
"vendor": "point to point protocol",
"version": "2.4.2 \u304b\u3089 2.4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:point-to-point_protocol_project:point-to-point_protocol",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
}
]
},
"credits": {
"_id": null,
"data": "Thanks to Ilja Van Sprundel from IOActive for reporting this vulnerability. This document was written by Vijay Sarvepalli. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
}
],
"trust": 0.8
},
"cve": "CVE-2020-8597",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8597",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.7,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-8597",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-001593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8597",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-001593",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8597",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-8597",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-8597",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-001593",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-029",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-8597",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"description": {
"_id": null,
"data": "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP. Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data. An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Link Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory http://git.savannah.nongnu.org/cgit/lwip.git.This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027). A Proof-of-Concept exploit for PPTP VPN Servers with additional tools are available in the by CERT/CC PoC repository. By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. ppp Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.4.7-1+4+deb9u1. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.4.7-2+4.1+deb10u1. \n\nFor the detailed security status of ppp please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/ppp\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5REqZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SD8g/9Ff6xy7FrjoHactYr1UIlubUzQvHRkou9rNWjCpos0GlTaUtYY8GIEwyT\nGyngmqnOnghAHw+ZrvIvJbRDfLpSsa/5V6D6Fa3v9U0RXcHM71fnLqB4KOuH8c4l\ncdt2zJjtmnsJFsnla1HOIB46QEfN9rBKzi5uBVBPRejFcbpzq5U3wHtb4C8w7Q3v\nhlPK8GDppQcT2fA7Zl3MlRy3TkmpWjq3TT3E5vjnrh2TQ4ObnmeYOSCY0d/s7pM/\npQ3bFfNZhNiWievJgMyXRFjPf132d97w0MOzrR7tTzJJfBOk8ym+yhC6c6caXycg\n9ml5B2BTHZvwSRiLCE9QOtjRDrlCe69j1FzCPNibkDnJXMo/qMUbpvk/iOC0945X\n/LGRgLySMufDsRF6bYc0TMpLc2S9WgTFIss7gGN6GgkuHqU95N7lwvf2WqrFYJeg\nJAP0X+1PQhfsq06IkG5tsnYm8Dc6au8mD/+u6ADY+jUV7cFHIlbgwm/ciFjYe1N7\nVZwFKnKjuokH79A6S8TW+xvlqfH/20YTtMrrQX6fZd1gqWwWjBmAWY0fPGetiVl0\nyCt9OiBZG3P2FqerAeUB2fRfRaFXBmTUzxQc00D5WlAOZ7qh+6/qyh04Re6jq4zI\neuFQYtUBSLJxB+ZK5DuFUbYQUXodIXHRaW3t/1ydru7W/3arZrI=\n=abUf\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-4288-2\nMarch 02, 2020\n\nppp vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nppp could be made to crash or run programs if it received specially crafted network traffic. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that ppp incorrectly handled certain rhostname values. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n ppp 2.4.5-5.1ubuntu2.3+esm1\n\nUbuntu 12.04 ESM:\n ppp 2.4.5-5ubuntu1.3\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: ppp security update\nAdvisory ID: RHSA-2020:0630-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0630\nIssue date: 2020-02-27\nCVE Names: CVE-2020-8597 \n=====================================================================\n\n1. Summary:\n\nAn update for ppp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe ppp packages contain the Point-to-Point Protocol (PPP) daemon and\ndocumentation for PPP support. The PPP protocol provides a method for\ntransmitting datagrams over serial point-to-point links. PPP is usually\nused to dial in to an Internet Service Provider (ISP) or other organization\nover a modem and phone line. \n\nSecurity Fix(es):\n\n* ppp: Buffer overflow in the eap_request and eap_response functions in\neap.c (CVE-2020-8597)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nppc64:\nppp-2.4.5-34.el7_7.ppc64.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm\n\nppc64le:\nppp-2.4.5-34.el7_7.ppc64le.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm\n\ns390x:\nppp-2.4.5-34.el7_7.s390x.rpm\nppp-debuginfo-2.4.5-34.el7_7.s390x.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nppp-debuginfo-2.4.5-34.el7_7.ppc.rpm\nppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm\nppp-devel-2.4.5-34.el7_7.ppc.rpm\nppp-devel-2.4.5-34.el7_7.ppc64.rpm\n\nppc64le:\nppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm\nppp-devel-2.4.5-34.el7_7.ppc64le.rpm\n\ns390x:\nppp-debuginfo-2.4.5-34.el7_7.s390.rpm\nppp-debuginfo-2.4.5-34.el7_7.s390x.rpm\nppp-devel-2.4.5-34.el7_7.s390.rpm\nppp-devel-2.4.5-34.el7_7.s390x.rpm\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nppp-2.4.5-34.el7_7.src.rpm\n\nx86_64:\nppp-2.4.5-34.el7_7.x86_64.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nppp-debuginfo-2.4.5-34.el7_7.i686.rpm\nppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm\nppp-devel-2.4.5-34.el7_7.i686.rpm\nppp-devel-2.4.5-34.el7_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8597\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby\n1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/\np1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj\n2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz\n91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK\nJMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX\ntEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu\niLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL\nTVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/\nnyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0\nnTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO\niXgkiSqdt/o=\n=Fzi6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: PPP: Buffer overflow\n Date: March 15, 2020\n Bugs: #710308\n ID: 202003-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA buffer overflow in PPP might allow a remote attacker to execute\narbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dialup/ppp \u003c 2.4.8 \u003e= 2.4.8\n\nDescription\n===========\n\nIt was discovered that bounds check in PPP for the rhostname was\nimproperly constructed in the EAP request and response functions. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PPP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dialup/ppp-2.4.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8597\n https://nvd.nist.gov/vuln/detail/CVE-2020-8597\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8597"
},
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
}
],
"trust": 3.15
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/782301",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-8597",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#782301",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-224-04",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "156662",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "156802",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-809841",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU99700555",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96514651",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156458",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156739",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0615",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0761",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0722",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1910",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020030097",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46090",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168774",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156554",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"id": "VAR-202002-1458",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8543956
},
"last_update_date": "2026-04-10T22:02:50.171000Z",
"patch": {
"_id": null,
"data": [
{
"title": "pppd: Fix bounds check in EAP code",
"trust": 0.8,
"url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
},
{
"title": "ppp Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=111043"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200630 - Security Advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200634 - Security Advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200631 - Security Advisory"
},
{
"title": "Red Hat: Important: ppp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200633 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: ppp vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4288-1"
},
{
"title": "Ubuntu Security Notice: ppp vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4288-2"
},
{
"title": "Debian CVElist Bug Report Logs: ppp: CVE-2020-8597: Fix bounds check in EAP code",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a22a6da34189b0f5668819364fab3eb5"
},
{
"title": "Debian Security Advisories: DSA-4632-1 ppp -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=09892726301f394d4585b87fe5ae0272"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1371",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1371"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1400",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1400"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8597 log"
},
{
"title": "Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597-",
"trust": 0.1,
"url": "https://github.com/Dilan-Diaz/Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597- "
},
{
"title": "Xiaomi Redmi Router AC2100",
"trust": 0.1,
"url": "https://github.com/Juanezm/openwrt-redmi-ac2100 "
},
{
"title": "CVE-2020-8597",
"trust": 0.1,
"url": "https://github.com/marcinguy/CVE-2020-8597 "
},
{
"title": "CVE-2020-8597",
"trust": 0.1,
"url": "https://github.com/WinMin/CVE-2020-8597 "
},
{
"title": "Xiaomi-RM2100-1.0.14-vs.-CVE-2020-8597\nadd howto:\nA quick http server for the current directory\nAnd in another window...\nStart pppoe-server in the foreground\nIn another window to trigger the exploit\nEnable uart and bootdelay, useful for testing or recovery if you have an uart adapter!\nSet kernel1 as the booting kernel\nCommit our nvram changes\nFlash the kernel\nFlash the rootfs and reboot",
"trust": 0.1,
"url": "https://github.com/syb999/pppd-cve "
},
{
"title": "Bulk Security Pull Request Generator",
"trust": 0.1,
"url": "https://github.com/JLLeitschuh/bulk-security-pr-generator "
},
{
"title": "Protocol-Vulnerability\nRelated Resources\nContributors",
"trust": 0.1,
"url": "https://github.com/WinMin/Protocol-Vul "
},
{
"title": "https://github.com/huike007/poc",
"trust": 0.1,
"url": "https://github.com/huike007/poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8597"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-120",
"trust": 2.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-04"
},
{
"trust": 3.0,
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8597"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156802/pppd-2.4.8-buffer-overflow.html"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156662/pppd-2.4.8-buffer-overflow.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0631"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0630"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0633"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0634"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202003-19"
},
{
"trust": 1.6,
"url": "https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af"
},
{
"trust": 1.6,
"url": "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426"
},
{
"trust": 1.6,
"url": "https://www.synology.com/security/advisory/synology_sa_20_02"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00006.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/mar/6"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061806/security-advisory-for-unauthenticated-remote-buffer-overflow-attack-in-pppd-on-wac510-psv-2020-0136"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20200313-0004/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4288-2/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4288-1/"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2020/dsa-4632"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/782301"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2020-8597"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/unjnhwoo4xf73m2w56ilzuy4jqg3jxir/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yofdaiowswpg732asyuzninmxdhy4ape/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8597 "
},
{
"trust": 0.8,
"url": "https://vulners.com/cve/cve-2020-8597"
},
{
"trust": 0.8,
"url": "http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86"
},
{
"trust": 0.8,
"url": "http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=d281d3e9592a3ca2ad0c3b7840f8036facc02f7b"
},
{
"trust": 0.8,
"url": "https://github.com/certcc/poc-exploits/tree/master/cve-2020-8597-pptpd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8597"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96514651/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99700555/"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/id/782301/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/unjnhwoo4xf73m2w56ilzuy4jqg3jxir/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yofdaiowswpg732asyuzninmxdhy4ape/"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2020-06-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0639/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156739/gentoo-linux-security-advisory-202003-19.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0722/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0615/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0696/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0761/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020030097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0462/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2766/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46090"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/ppp-buffer-overflow-via-eap-request-31562"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1910/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156458/ubuntu-security-notice-usn-4288-1.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4288-1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/ppp"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4288-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+4.1ubuntu4.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+2ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ppp/2.4.7-1+2ubuntu1.16.04.2"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
},
{
"db": "PACKETSTORM",
"id": "168774"
},
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156561"
},
{
"db": "PACKETSTORM",
"id": "156549"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156559"
},
{
"db": "PACKETSTORM",
"id": "156554"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593"
},
{
"db": "NVD",
"id": "CVE-2020-8597"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#782301",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-8597",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168774",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156597",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156561",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156549",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156458",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156559",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156554",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156739",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001593",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-8597",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "CERT/CC",
"id": "VU#782301",
"ident": null
},
{
"date": "2020-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8597",
"ident": null
},
{
"date": "2020-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "168774",
"ident": null
},
{
"date": "2020-03-02T20:48:57",
"db": "PACKETSTORM",
"id": "156597",
"ident": null
},
{
"date": "2020-02-27T15:59:22",
"db": "PACKETSTORM",
"id": "156561",
"ident": null
},
{
"date": "2020-02-27T14:02:22",
"db": "PACKETSTORM",
"id": "156549",
"ident": null
},
{
"date": "2020-02-20T21:18:33",
"db": "PACKETSTORM",
"id": "156458",
"ident": null
},
{
"date": "2020-02-27T15:44:44",
"db": "PACKETSTORM",
"id": "156559",
"ident": null
},
{
"date": "2020-02-27T17:02:22",
"db": "PACKETSTORM",
"id": "156554",
"ident": null
},
{
"date": "2020-03-15T14:00:00",
"db": "PACKETSTORM",
"id": "156739",
"ident": null
},
{
"date": "2020-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-029",
"ident": null
},
{
"date": "2020-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001593",
"ident": null
},
{
"date": "2020-02-03T23:15:11.387000",
"db": "NVD",
"id": "CVE-2020-8597",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "CERT/CC",
"id": "VU#782301",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8597",
"ident": null
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-029",
"ident": null
},
{
"date": "2020-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001593",
"ident": null
},
{
"date": "2025-12-03T16:15:54.430000",
"db": "NVD",
"id": "CVE-2020-8597",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "156597"
},
{
"db": "PACKETSTORM",
"id": "156458"
},
{
"db": "PACKETSTORM",
"id": "156739"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "pppd vulnerable to buffer overflow due to a flaw in EAP packet processing",
"sources": [
{
"db": "CERT/CC",
"id": "VU#782301"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-029"
}
],
"trust": 0.6
}
}
VAR-202212-1959
Vulnerability from variot - Updated: 2025-10-03 21:55In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. Pilz PMC A programming tool is vulnerable to the use of weak password hashes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1959",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for raspberry pi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "controller cecc-d",
"scope": "eq",
"trust": 1.0,
"vendor": "festo",
"version": "2.3.8.1"
},
{
"model": "762-4203\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4301\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "control rte v3",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-4302\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "control for linux",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "hmi v3",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-5203\\/8000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4202\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6203\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4205\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6302\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8100",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "pmc",
"scope": "lt",
"trust": 1.0,
"vendor": "pilz",
"version": "3.5.17"
},
{
"model": "v3 simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "750-8214",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-5306\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "controller cecc-lk",
"scope": "eq",
"trust": 1.0,
"vendor": "festo",
"version": "2.3.8.0"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "controller cecc-lk",
"scope": "eq",
"trust": 1.0,
"vendor": "festo",
"version": "2.3.8.1"
},
{
"model": "762-4204\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4205\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4306\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6202\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4304\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8213",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8212",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4201\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8102",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8215",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4305\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "752-8303\\/8000-0002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "controller cecc-s",
"scope": "eq",
"trust": 1.0,
"vendor": "festo",
"version": "2.3.8.0"
},
{
"model": "750-8206",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "controller cecc-s",
"scope": "eq",
"trust": 1.0,
"vendor": "festo",
"version": "2.3.8.1"
},
{
"model": "750-8211",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "pmc",
"scope": "gte",
"trust": 1.0,
"vendor": "pilz",
"version": "3.0.0"
},
{
"model": "control v3 runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-5305\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8217",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": null
},
{
"model": "control win v3",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-5205\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-5206\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8216",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6201\\/8000-001",
"scope": "lte",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-4206\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-4206\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "control for pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "control for iot2000",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-5204\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6301\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6304\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8210",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "control for pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "762-5304\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8204",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-5303\\/8000-002",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "762-6204\\/8000-001",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8202",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8101",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "750-8203",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "controller cecc-d",
"scope": "eq",
"trust": 1.0,
"vendor": "festo",
"version": "2.3.8.0"
},
{
"model": "750-8207",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19\\(18\\)"
},
{
"model": "pmc",
"scope": "eq",
"trust": 0.8,
"vendor": "pilz",
"version": "3.5.17"
},
{
"model": "pmc",
"scope": "lt",
"trust": 0.8,
"vendor": "pilz",
"version": "3.x"
},
{
"model": "pmc",
"scope": "eq",
"trust": 0.8,
"vendor": "pilz",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"cve": "CVE-2020-12069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12069",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-12069",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2020-12069",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12069",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-12069",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3933",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. Pilz PMC A programming tool is vulnerable to the use of weak password hashes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12069",
"trust": 3.2
},
{
"db": "CERT@VDE",
"id": "VDE-2021-061",
"trust": 2.4
},
{
"db": "CERT@VDE",
"id": "VDE-2022-022",
"trust": 1.0
},
{
"db": "CERT@VDE",
"id": "VDE-2022-031",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3933",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"id": "VAR-202212-1959",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4538690433333333
},
"last_update_date": "2025-10-03T21:55:02.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.pilz.com/ja-INT"
},
{
"title": "Pilz PMC programming tool Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220121"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-916",
"trust": 1.0
},
{
"problemtype": "Use of weak password hashes (CWE-916) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert.vde.com/en/advisories/vde-2021-061/"
},
{
"trust": 1.0,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"trust": 1.0,
"url": "https://cert.vde.com/en/advisories/vde-2022-031/"
},
{
"trust": 1.0,
"url": "https://cert.vde.com/en/advisories/vde-2022-022/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12069"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-12069/"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"date": "2023-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"date": "2022-12-26T19:15:10.520000",
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3933"
},
{
"date": "2025-10-02T06:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-004118"
},
{
"date": "2025-05-05T14:15:00.537000",
"db": "NVD",
"id": "CVE-2020-12069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pilz\u00a0PMC\u00a0 Vulnerability in using weak password hashes in programming tools",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004118"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3933"
}
],
"trust": 0.6
}
}
VAR-202110-1142
Vulnerability from variot - Updated: 2025-08-16 23:21A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1142",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-891",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-882",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-862",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-889",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8202",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8207",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-829",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-852",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8210",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8213",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8208",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8214",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8203",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "plcwinnt",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.56"
},
{
"model": "750-885",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-831",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8216",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "codesys",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "1.1.9.22"
},
{
"model": "750-8204",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8211",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8206",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-823",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-832",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-880",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-881",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8217",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.56"
},
{
"model": "750-8212",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-890",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-893",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "plcwinnt",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "runtime toolkit",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "2.4.7.56"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"cve": "CVE-2021-34596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-34596",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34596",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-014194",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34596",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-34596",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-34596",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1825",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34596"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34596",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014194",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1825",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"id": "VAR-202110-1142",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38665413157894735
},
"last_update_date": "2025-08-16T23:21:27.177000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-17",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
},
{
"title": "CODESYS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167877"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34596"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
},
{
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"date": "2021-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1825"
},
{
"date": "2021-10-26T10:15:08.127000",
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T06:54:00",
"db": "JVNDB",
"id": "JVNDB-2021-014194"
},
{
"date": "2021-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1825"
},
{
"date": "2025-08-15T20:24:15.653000",
"db": "NVD",
"id": "CVE-2021-34596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0V2\u00a0Runtime\u00a0Toolkit\u00a032\u00a0Bit\u00a0full\u00a0 and \u00a0PLCWinNT\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1825"
}
],
"trust": 0.6
}
}
VAR-202110-1143
Vulnerability from variot - Updated: 2025-08-16 23:19A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT contains a vulnerability related to the use of out-of-bounds pointer offsets.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-891",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-882",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-862",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-889",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8202",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8207",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-829",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-852",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8210",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8213",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8208",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8214",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8203",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "plcwinnt",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.56"
},
{
"model": "750-885",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-831",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8216",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "codesys",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "1.1.9.22"
},
{
"model": "750-8204",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8211",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-8206",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-823",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-832",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-880",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-881",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw17"
},
{
"model": "750-8217",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.56"
},
{
"model": "750-8212",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw20"
},
{
"model": "750-890",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "750-893",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw10"
},
{
"model": "plcwinnt",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "runtime toolkit",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "2.4.7.56"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"cve": "CVE-2021-34595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-34595",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34595",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-014195",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34595",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-34595",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34595",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1824",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT contains a vulnerability related to the use of out-of-bounds pointer offsets.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34595"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34595",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1824",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"id": "VAR-202110-1143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38665413157894735
},
"last_update_date": "2025-08-16T23:19:55.535000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-17",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
},
{
"title": "CODESYS Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=167876"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-823",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Using out-of-bounds pointer offsets (CWE-823) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34595"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
},
{
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"date": "2021-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1824"
},
{
"date": "2021-10-26T10:15:08.070000",
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T06:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-014195"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1824"
},
{
"date": "2025-08-15T20:25:40.657000",
"db": "NVD",
"id": "CVE-2021-34595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0V2\u00a0Runtime\u00a0Toolkit\u00a032\u00a0Bit\u00a0full\u00a0 and \u00a0PLCWinNT\u00a0 Use of out-of-bounds pointer offset vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014195"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1824"
}
],
"trust": 0.6
}
}