|
220711
|
7.8 |
HIGH
Local
|
wago
|
e\!cockpit
|
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow a…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-5159
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220712
|
7.2 |
HIGH
Network
|
wago
|
pfc200_firmware
|
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating sy…
|
CWE-78
OS Command
|
CVE-2019-5156
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220713
|
7.2 |
HIGH
Network
|
wago
|
pfc200_firmware
|
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in …
|
CWE-78
OS Command
|
CVE-2019-5155
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220714
|
5.3 |
MEDIUM
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-5135
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220715
|
7.5 |
HIGH
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO P…
|
NVD-CWE-noinfo
|
CVE-2019-5134
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220716
|
7.5 |
HIGH
Network
|
wago
|
e\!cockpit
|
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret,…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-5107
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220717
|
7.5 |
HIGH
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-5149
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220718
|
5.5 |
MEDIUM
Local
|
wago
|
e\!cockpit
|
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-5106
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220719
|
7.2 |
HIGH
Network
|
arubanetworks
|
airwave
|
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to over…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-5326
|
2024-11-21 13:44 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220720
|
7.2 |
HIGH
Network
|
arubanetworks
|
airwave
|
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If…
|
CWE-77
Command Injection
|
CVE-2019-5323
|
2024-11-21 13:44 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
