Summary
Detail | |||
---|---|---|---|
Vendor | Wago | First view | 2022-03-09 |
Product | 762-6304/8000-002 Firmware | Last view | 2022-11-09 |
Version | * | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:wago:762-6304/8000-002_firmware |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2022-11-09 | CVE-2021-34569 | In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. |
7.5 | 2022-11-09 | CVE-2021-34568 | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. |
8.2 | 2022-11-09 | CVE-2021-34567 | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. |
9.1 | 2022-11-09 | CVE-2021-34566 | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. |
5.4 | 2022-03-09 | CVE-2022-22511 | Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-787 | Out-of-bounds Write |
20% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
20% (1) | CWE-125 | Out-of-bounds Read |
20% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
20% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |