Compact Controller 100 Firmware
Monthly
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.