Wago — Vulnerabilities & Security Advisories 96

Browse all 96 CVE security advisories affecting Wago. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WAGO specializes in automation technology, primarily manufacturing programmable logic controllers and I/O systems for industrial environments. With 96 recorded Common Vulnerabilities and Exposures, the company’s products have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from weak authentication mechanisms, insecure default configurations, and insufficient input validation within web-based management interfaces. Notable incidents include critical flaws allowing unauthenticated attackers to execute arbitrary commands or bypass access controls, potentially disrupting industrial operations. The high volume of CVEs reflects the complexity of embedded systems and the evolving threat landscape targeting operational technology. While WAGO releases security updates, the persistent nature of these issues highlights ongoing challenges in securing legacy industrial infrastructure against sophisticated cyber threats.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-5872 | Wago: Vulnerability in Smart Designer Web-Application — Smart Designer | CWE-203 | 4.3 | Medium | 2026-04-16 |
| CVE-2024-1490 | Wago: Vulnerability in WBM through Open VPN — CC100 (0751-9x01) | CWE-94 | 7.2 | High | 2026-04-09 |
| CVE-2026-2328 | Backend Access Due to Insufficient Input Validation — Device Sphere | CWE-790 | 7.5 | High | 2026-03-30 |
| CVE-2026-3587 | Hidden CLI Function Allows Root Access — Lean Managed Switch 852-1812 | CWE-912 | 10.0 | Critical | 2026-03-23 |
| CVE-2026-22906 | Hardcoded Key Allows Credential Disclosure — 0852-1322 | CWE-321 | 9.8 | Critical | 2026-02-09 |
| CVE-2026-22905 | Authentication Bypass via URI Traversal — 0852-1322 | CWE-22 | 7.5 | High | 2026-02-09 |
| CVE-2026-22904 | Stack Overflow via Oversized Cookie Fields in lighttpd — 0852-1322 | CWE-121 | 9.8 | Critical | 2026-02-09 |
| CVE-2026-22903 | Stack Overflow via SESSIONID Cookie in lighttpd — 0852-1322 | CWE-121 | 9.8 | Critical | 2026-02-09 |
| CVE-2022-50926 | WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation — WAGO 750-8212 PFC200 | CWE-565 | 9.8 | Critical | 2026-01-13 |
| CVE-2025-41732 | Stack-based buffer overflow via unsafe sscanf in check_cookie() — Industrial-Managed-Switches | CWE-121 | 9.8 | Critical | 2025-12-10 |
| CVE-2025-41730 | Stack-based buffer overflow via unsafe sscanf in check_account() — Industrial-Managed-Switches | CWE-121 | 9.8 | Critical | 2025-12-10 |
| CVE-2025-41716 | Unauthenticated User Enumeration via Missing Authentication — Solution Builder | CWE-306 | 5.3 | Medium | 2025-09-24 |
| CVE-2025-41715 | Missing Authentication for Database Access in Web Application — Device Sphere | CWE-306 | 9.8 | Critical | 2025-09-24 |
| CVE-2025-41713 | WAGO: Vulnerability in hardware switch circuit — CC100 0751-9301 | CWE-1188 | 6.5 | Medium | 2025-09-15 |
| CVE-2025-41664 | Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates — Coupler 0750-0362 | CWE-732 | 7.5 | High | 2025-09-08 |
| CVE-2025-41672 | WAGO: Vulnerability in WAGO Device Sphere — Wago Device Sphere | CWE-1188 | 10.0 | Critical | 2025-07-07 |
| CVE-2025-25265 | Unauthenticated File Read via Web Interface — WAGO CC100 0751-9x01 | CWE-306 | 4.9 | Medium | 2025-06-16 |
| CVE-2025-25264 | Overly Permissive CORS Policy in WAGO Device Manager — CC100 0751-9x01 | CWE-942 | 6.5 | Medium | 2025-06-16 |
| CVE-2025-1235 | WAGO: Switches affected by year 2k38 problem — Fully Managed Switches 0852-0303 | CWE-190 | 4.3 | Medium | 2025-06-02 |
| CVE-2025-0101 | WAGO: Year 2038 problem — CC100 0751-9x01 | CWE-190 | 6.5 | Medium | 2025-04-16 |
| CVE-2024-12650 | Wago: Vulnerability in libwagosnmp — CC100 0751-9x01 | CWE-252 | 5.4 | Medium | 2025-03-05 |
| CVE-2018-25108 | WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption — 750-8100 (Controller PFC100) | CWE-770 | 7.5 | High | 2025-01-16 |
| CVE-2024-41974 | WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices — CC100 0751-9x01 | CWE-732 | 7.1 | High | 2024-11-18 |
| CVE-2024-41973 | WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices — CC100 0751-9x01 | CWE-35 | 8.1 | High | 2024-11-18 |
| CVE-2024-41972 | WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices — CC100 0751-9x01 | CWE-35 | 6.5 | Medium | 2024-11-18 |
| CVE-2024-41971 | WAGO: Arbitrary File Overwrite in Multiple Devices — CC100 0751-9x01 | CWE-22 | 8.1 | High | 2024-11-18 |
| CVE-2024-41970 | WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices — CC100 0751-9x01 | CWE-732 | 5.7 | Medium | 2024-11-18 |
| CVE-2024-41969 | WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices — CC100 0751-9x01 | CWE-306 | 8.8 | High | 2024-11-18 |
| CVE-2024-41967 | WAGO: Boot Mode Manipulation in Multiple Devices — CC100 0751-9x01 | CWE-306 | 8.1 | High | 2024-11-18 |
| CVE-2024-41968 | WAGO: Docker Settings Manipulation in Multiple Devices — CC100 0751-9x01 | CWE-306 | 5.4 | Medium | 2024-11-18 |

This page lists every published CVE security advisory associated with Wago. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.