|
218891
|
7.8 |
HIGH
Local
|
wago
|
pfc200_firmware
|
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is us…
|
CWE-78
OS Command
|
CVE-2019-5167
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218892
|
9.1 |
CRITICAL
Network
|
wago
|
pfc200_firmware
|
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted…
|
NVD-CWE-noinfo
|
CVE-2019-5160
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218893
|
7.8 |
HIGH
Local
|
wago
|
e\!cockpit
|
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow a…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-5159
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218894
|
7.2 |
HIGH
Network
|
wago
|
pfc200_firmware
|
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating sy…
|
CWE-78
OS Command
|
CVE-2019-5156
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218895
|
7.2 |
HIGH
Network
|
wago
|
pfc200_firmware
|
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in …
|
CWE-78
OS Command
|
CVE-2019-5155
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218896
|
5.3 |
MEDIUM
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-5135
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218897
|
7.5 |
HIGH
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO P…
|
NVD-CWE-noinfo
|
CVE-2019-5134
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218898
|
7.5 |
HIGH
Network
|
wago
|
e\!cockpit
|
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret,…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-5107
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218899
|
7.5 |
HIGH
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-5149
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218900
|
5.5 |
MEDIUM
Local
|
wago
|
e\!cockpit
|
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-5106
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
