Wago — Vulnerabilities & Security Advisories (96)

Browse all 96 CVE security advisories affecting Wago. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WAGO specializes in automation technology, primarily manufacturing programmable logic controllers and I/O systems for industrial environments. With 96 recorded Common Vulnerabilities and Exposures, the company’s products have historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from weak authentication mechanisms, insecure default configurations, and insufficient input validation within web-based management interfaces. Notable incidents include critical flaws allowing unauthenticated attackers to execute arbitrary commands or bypass access controls, potentially disrupting industrial operations. The high volume of CVEs reflects the complexity of embedded systems and the evolving threat landscape targeting operational technology. While WAGO releases security updates, the persistent nature of these issues highlights ongoing challenges in securing legacy industrial infrastructure against sophisticated cyber threats.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2018-25090 | Wago: Improper Neutralization of Input During Web Page Generation in multiple devices — Controller BACnet/IP | CWE-79 | 5.4 | Medium | 2024-03-13 |
| CVE-2015-10123 | Wago: Buffer Copy without Checking Size of Input in wbm of multiple products — Controller BACnet/IP | CWE-120 | 8.8 | High | 2024-03-13 |
| CVE-2023-5188 | WAGO Improper Input Validation in IEC61850 Server / Telecontrol — Telecontrol Configurator | CWE-20 | 7.5 | High | 2023-12-05 |
| CVE-2023-4149 | WAGO: OS Command Injection Vulnerability in Managed Switch — Industrial Managed Switch (0852-0602) | CWE-78 | 9.8 | Critical | 2023-11-21 |
| CVE-2023-3379 | WAGO: Improper Privilege Management in web-based management — Compact Controller 100 (751-9301) | CWE-863 | 5.3 | Medium | 2023-11-20 |
| CVE-2023-4089 | WAGO: Multiple products vulnerable to local file inclusion — Compact Controller CC100 | CWE-610 | 2.7 | Low | 2023-10-17 |
| CVE-2023-1150 | WAGO: Series 750-3x/-8x prone to MODBUS server DoS — 750-332 | CWE-772 | 7.5 | High | 2023-06-26 |
| CVE-2023-1620 | WAGO: DoS in multiple products in multiple versions using Codesys — 750-8202/xxx-xxx | CWE-1288 | 4.9 | Medium | 2023-06-26 |
| CVE-2023-1619 | WAGO: DoS in multiple versions of multiple products — 750-8202/xxx-xxx | CWE-1288 | 4.9 | Medium | 2023-06-26 |
| CVE-2023-1698 | WAGO: WBM Command Injection in multiple products — Compact Controller CC100 | CWE-78 | 9.8 | Critical | 2023-05-15 |
| CVE-2022-45140 | WAGO: Missing Authentication for Critical Function — Compact Controller CC100 (751-9301) | CWE-306 | 9.8 | Critical | 2023-02-27 |
| CVE-2022-45139 | WAGO: Origin validation error through CORS misconfiguration — Compact Controller CC100 (751-9301) | CWE-346 | 5.3 | Medium | 2023-02-27 |
| CVE-2022-45138 | WAGO: Missing Authentication for Critical Function — Compact Controller CC100 (751-9301) | CWE-306 | 9.8 | Critical | 2023-02-27 |
| CVE-2022-45137 | WAGO: Reflective Cross-Site Scripting — Compact Controller CC100 (751-9301) | CWE-79 | 6.1 | Medium | 2023-02-27 |
| CVE-2022-3843 | WAGO: Exposure of configuration interface in unmanaged switches — Unmanaged Switch 852-111/000-001 | CWE-912 | 9.1 | Critical | 2023-02-16 |
| CVE-2022-3738 | WAGO: Missing authentication for config export functionality in multiple products — Series WAGO PFC100 | CWE-306 | 5.9 | Medium | 2023-01-19 |
| CVE-2021-34569 | WAGO I/O-Check Service prone to Out-of-bounds Write — 750-81xx/xxx-xxxFW | CWE-787 | 9.8 | Critical | 2022-11-09 |
| CVE-2021-34568 | WAGO I/O-Check Service prone to Allocation of Resources Without Limits or Throttling — 750-81xx/xxx-xxxFW | CWE-770 | 7.5 | High | 2022-11-09 |
| CVE-2021-34567 | WAGO I/O-Check Service prone to Out-of-bounds Read — 750-81xx/xxx-xxxFW | CWE-125 | 8.2 | High | 2022-11-09 |
| CVE-2021-34566 | WAGO I/O-Check Service prone to Memory Overflow — 750-81xx/xxx-xxxFW | CWE-120 | 9.1 | Critical | 2022-11-09 |
| CVE-2022-3281 | WAGO: multiple products - Loss of MAC-Address-Filtering after reboot — 750-81xx/xxx-xxx Series PFC100/PFC200 | CWE-440 | 7.5 | High | 2022-10-17 |
| CVE-2022-22511 | WAGO PLCs WBM vulnerable to reflected XSS — Compact Controller CC100 (751-9301) | CWE-79 | 5.4 | Medium | 2022-03-09 |
| CVE-2021-34581 | WAGO: Denial of Service vulnerability inside the OpenSSL implementation — 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 | CWE-772 | 7.5 | High | 2021-08-31 |
| CVE-2021-34578 | WAGO: Authentication Vulnerability in Web-Based Management — PLC | CWE-287 | 9.8 | Critical | 2021-08-31 |
| CVE-2021-21001 | WAGO: PFC200 Access to files outside the home directory — Series PFC200 Controller | CWE-22 | 9.1 | Critical | 2021-05-24 |
| CVE-2021-21000 | WAGO: PFC200 Denial of Service due to the number of connections to the runtime — Series PFC200 Controller | CWE-770 | 5.3 | Medium | 2021-05-24 |
| CVE-2021-20998 | WAGO: Managed Switches: Unauthorized creation of user accounts — 0852-0303 | CWE-306 | 10.0 | Critical | 2021-05-13 |
| CVE-2021-20997 | WAGO: Managed Switches: Unauthorized access to password hashes — 0852-0303 | CWE-522 | 7.5 | High | 2021-05-13 |
| CVE-2021-20996 | WAGO: Managed Switches: Unsecure Cookie settings — 0852-0303 | CWE-732 | 5.3 | Medium | 2021-05-13 |
| CVE-2021-20995 | WAGO: Managed Switches: Storage of user credentials in a cookie — 0852-0303 | CWE-312 | 5.3 | Medium | 2021-05-13 |

This page lists every published CVE security advisory associated with Wago. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.