The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWago 751 9301
HWWagowszystkie wersjeWago 751 9301 Firmware
OSWago222316 – 22 (bez)Wago 752 8303\/8000 002
HWWagowszystkie wersjeWago 752 8303\/8000 002 Firmware
OSWago222318 – 22 (bez)Wago Pfc100
HWWagowszystkie wersjeWago Pfc100 Firmware
OSWago222316 – 22 (bez)Wago Pfc200
HWWagowszystkie wersjeWago Pfc200 Firmware
OSWago222316 – 22 (bez)Wago Touch Panel 600 Advanced
HWWagowszystkie wersjeWago Touch Panel 600 Advanced Firmware
OSWago222316 – 22 (bez)Wago Touch Panel 600 Marine
HWWagowszystkie wersjeWago Touch Panel 600 Marine Firmware
OSWago222316 – 22 (bez)Wago Touch Panel 600 Standard
HWWagowszystkie wersjeWago Touch Panel 600 Standard Firmware
OSWago222316 – 22 (bez)
Related vulnerabilities
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users an...
The configuration backend of the web-based management can be used by unauthenticated users, although only auth...
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted...
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS c...
The reported vulnerability allows an attacker who has network access to the device to execute code with specia...