Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

750-8207

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

24
Related CVEsRelated VendorsRelated AssignersReports
24Vulnerabilities found
CVE-2023-1620
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 32.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 06:19
Updated-12 Nov, 2024 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: DoS in multiple products in multiple versions using Codesys

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

Action-Not Available
Vendor-wagoWago
Product-750-8202\/040-001_firmware750-8203_firmware750-8212\/025-002750-890\/025-000750-8213\/040-010_firmware750-8210_firmware750-8206_firmware750-8215_firmware750-8211\/040-000750-891750-890\/040-000750-831\/000-002750-831750-891_firmware750-8213\/040-010750-8208\/025-001_firmware750-8207\/025-001750-880750-8215750-8202\/000-012750-8212\/040-001_firmware750-8202\/000-022750-8216\/040-000_firmware750-8212\/040-000_firmware750-889750-8212\/000-100_firmware750-331_firmware750-8217_firmware750-8212\/025-000_firmware750-8211\/040-001750-8213750-8214_firmware750-829_firmware750-890\/025-002750-880\/040-000_firmware750-885\/025-000750-8202\/040-000750-832\/000-002750-8204750-8213_firmware750-8207_firmware750-8206\/025-001_firmware750-8204\/025-000_firmware750-890\/025-001_firmware750-832\/000-002_firmware750-8206\/040-000750-880\/025-000750-8204_firmware750-8217\/625-000_firmware750-8202\/000-012_firmware750-8212750-893_firmware750-880\/040-000750-8202\/025-001_firmware750-881750-882_firmware750-8216\/025-001_firmware750-8202_firmware750-862750-8207750-8217\/025-000_firmware750-832_firmware750-8206750-8208_firmware750-8207\/025-000_firmware750-885\/025-000_firmware750-8207\/025-000750-8211\/040-001_firmware750-885750-8216\/025-000_firmware750-8216750-890\/040-000_firmware750-8212\/000-100750-8216\/025-001750-8210\/040-000_firmware750-8210\/025-000750-880_firmware750-8206\/040-001750-8207\/025-001_firmware750-8216_firmware750-8202\/040-001750-8206\/025-000750-8212\/025-002_firmware750-880\/025-001_firmware750-8212_firmware750-8202\/025-000_firmware750-8208750-8211\/040-000_firmware750-881_firmware750-8217\/025-000750-8212\/025-001_firmware750-890\/025-002_firmware750-885_firmware750-890\/025-000_firmware750-8212\/040-010_firmware750-8202\/000-011_firmware750-8208\/025-000_firmware750-880\/025-002_firmware750-893750-8212\/040-001750-8211_firmware750-8206\/040-001_firmware750-8208\/025-001750-852_firmware750-8208\/025-000750-8212\/040-010750-8212\/040-000750-890_firmware750-880\/025-001750-8217\/625-000750-8203750-890\/025-001750-823750-8214750-8202750-8210\/040-000750-8217\/600-000_firmware750-8203\/025-000_firmware750-8203\/025-000750-823_firmware750-8202\/025-002750-8210\/025-000_firmware750-8206\/040-000_firmware750-889_firmware750-890750-832750-8211750-862_firmware750-8202\/025-002_firmware750-880\/025-000_firmware750-880\/025-002750-8204\/025-000750-8212\/025-000750-331750-8202\/025-000750-8206\/025-000_firmware750-829750-8212\/025-001750-8202\/000-022_firmware750-8216\/040-000750-831_firmware750-8202\/000-011750-8217\/600-000750-8206\/025-001750-8202\/025-001750-8216\/025-000750-8202\/040-000_firmware750-882750-831\/000-002_firmware750-852750-8217750-8210750-332750-890/xxx-xxx750-831/xxx-xxx750-880/xxx-xxx750-331750-8203/xxx-xxx750-885/xxx-xxx750-8207/xxx-xxx750-8206/xxx-xxx750-829750-823750-8211/xxx-xxx750-8204/xxx-xxx750-893750-881750-8217/xxx-xxx750-8216/xxx-xxx750-8213/xxx-xxx750-8210/xxx-xxx750-882750-832/xxx-xxx750-891750-862750-889750-8212/xxx-xxx750-852750-8202/xxx-xxx750-8214/xxx-xxx750-8208/xxx-xxx
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CVE-2023-1619
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 39.02%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 06:18
Updated-02 Oct, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: DoS in multiple versions of multiple products

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

Action-Not Available
Vendor-wagoWago
Product-750-8202\/040-001_firmware750-8203_firmware750-8212\/025-002750-890\/025-000750-8213\/040-010_firmware750-8210_firmware750-8206_firmware750-8215_firmware750-8211\/040-000750-891750-890\/040-000750-831\/000-002750-831750-891_firmware750-8213\/040-010750-8208\/025-001_firmware750-8207\/025-001750-880750-8215750-8202\/000-012750-8212\/040-001_firmware750-8202\/000-022750-8216\/040-000_firmware750-8212\/040-000_firmware750-889750-8212\/000-100_firmware750-331_firmware750-8217_firmware750-8212\/025-000_firmware750-8211\/040-001750-8213750-8214_firmware750-829_firmware750-890\/025-002750-880\/040-000_firmware750-885\/025-000750-8202\/040-000750-832\/000-002750-8204750-8213_firmware750-8207_firmware750-8206\/025-001_firmware750-8204\/025-000_firmware750-890\/025-001_firmware750-832\/000-002_firmware750-8206\/040-000750-880\/025-000750-8204_firmware750-8217\/625-000_firmware750-8202\/000-012_firmware750-8212750-893_firmware750-880\/040-000750-8202\/025-001_firmware750-881750-882_firmware750-8216\/025-001_firmware750-8202_firmware750-862750-8207750-8217\/025-000_firmware750-832_firmware750-8206750-8208_firmware750-8207\/025-000_firmware750-885\/025-000_firmware750-8207\/025-000750-8211\/040-001_firmware750-885750-8216\/025-000_firmware750-8216750-890\/040-000_firmware750-8212\/000-100750-8216\/025-001750-8210\/040-000_firmware750-8210\/025-000750-880_firmware750-8206\/040-001750-8207\/025-001_firmware750-8216_firmware750-8202\/040-001750-8206\/025-000750-8212\/025-002_firmware750-880\/025-001_firmware750-8212_firmware750-8202\/025-000_firmware750-8208750-8211\/040-000_firmware750-881_firmware750-8217\/025-000750-8212\/025-001_firmware750-890\/025-002_firmware750-885_firmware750-890\/025-000_firmware750-8212\/040-010_firmware750-8202\/000-011_firmware750-8208\/025-000_firmware750-880\/025-002_firmware750-893750-8212\/040-001750-8211_firmware750-8206\/040-001_firmware750-8208\/025-001750-852_firmware750-8208\/025-000750-8212\/040-010750-8212\/040-000750-890_firmware750-880\/025-001750-8217\/625-000750-8203750-890\/025-001750-823750-8214750-8202750-8210\/040-000750-8217\/600-000_firmware750-8203\/025-000_firmware750-8203\/025-000750-823_firmware750-8202\/025-002750-8210\/025-000_firmware750-8206\/040-000_firmware750-889_firmware750-890750-832750-8211750-862_firmware750-8202\/025-002_firmware750-880\/025-000_firmware750-880\/025-002750-8204\/025-000750-8212\/025-000750-331750-8202\/025-000750-8206\/025-000_firmware750-829750-8212\/025-001750-8202\/000-022_firmware750-8216\/040-000750-831_firmware750-8202\/000-011750-8217\/600-000750-8206\/025-001750-8202\/025-001750-8216\/025-000750-8202\/040-000_firmware750-882750-831\/000-002_firmware750-852750-8217750-8210750-332750-890/xxx-xxx750-831/xxx-xxx750-880/xxx-xxx750-331750-8203/xxx-xxx750-885/xxx-xxx750-8207/xxx-xxx750-8206/xxx-xxx750-829750-823750-8211/xxx-xxx750-8204/xxx-xxx750-893750-881750-8217/xxx-xxx750-8216/xxx-xxx750-8213/xxx-xxx750-8210/xxx-xxx750-882750-832/xxx-xxx750-891750-862750-889750-8212/xxx-xxx750-852750-8202/xxx-xxx750-8214/xxx-xxx750-8208/xxx-xxx
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CVE-2020-12069
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V3 prone to Inadequate Password Hashing

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Action-Not Available
Vendor-festopilzwagoCODESYS GmbH
Product-750-8212_firmware762-6301\/8000-002controller_cecc-lk750-8204750-8215_firmware762-4203\/8000-001control_for_plcnext762-6204\/8000-001_firmware750-8214_firmware750-8203_firmwarecontroller_cecc-dcontroller_cecc-scontrol_for_empc-a\/imx6control_for_pfc100750-8216_firmware762-5204\/8000-001_firmware762-4302\/8000-002762-5203\/8000-001_firmware750-8217750-8213_firmware762-6202\/8000-001762-6203\/8000-001762-4301\/8000-002762-4303\/8000-002_firmware762-5205\/8000-001_firmware750-8102_firmware750-8210762-4304\/8000-002750-8211_firmware750-8100762-6201\/8000-001_firmware762-5303\/8000-002_firmware762-6202\/8000-001_firmwarecontrol_for_iot2000762-4306\/8000-002762-4306\/8000-002_firmwarecontrol_win_v3762-6203\/8000-001_firmware762-5305\/8000-002_firmware750-8101750-8213750-8211control_rte_v3762-4201\/8000-001762-4301\/8000-002_firmwarecontrol_for_raspberry_pi762-5206\/8000-001762-4205\/8000-001_firmware762-6304\/8000-002_firmware762-4203\/8000-001_firmware762-5306\/8000-002752-8303\/8000-0002_firmware750-8206762-4304\/8000-002_firmware762-5203\/8000-001control_v3_runtime_system_toolkit750-8216762-5305\/8000-002v3_simulation_runtime750-8212762-4206\/8000-001750-8206_firmware762-6301\/8000-002_firmware762-6204\/8000-001762-4302\/8000-002_firmware750-8202_firmware762-5306\/8000-002_firmwarecontroller_cecc-d_firmware762-6304\/8000-002750-8207762-4305\/8000-002_firmware750-8100_firmwarecontrol_for_beaglebone762-6201\/8000-001controller_cecc-lk_firmware762-4202\/8000-001762-6303\/8000-002762-4206\/8000-002762-5303\/8000-002750-8217_firmware762-5206\/8000-001_firmware762-4205\/8000-001762-4206\/8000-002_firmware750-8202hmi_v3762-4206\/8000-001_firmware762-4201\/8000-001_firmware762-4205\/8000-002_firmware762-5204\/8000-001762-6302\/8000-002_firmware750-8210_firmware762-4204\/8000-001_firmware750-8102762-6302\/8000-002762-4305\/8000-002752-8303\/8000-0002750-8207_firmware762-4202\/8000-001_firmwarecontrol_for_linuxcontroller_cecc-s_firmware762-4204\/8000-001750-8214750-8101_firmwarecontrol_for_pfc200762-5304\/8000-002762-6303\/8000-002_firmware750-8215750-8204_firmware762-4303\/8000-002pmc750-8203762-5205\/8000-001762-4205\/8000-002762-5304\/8000-002_firmwareCODESYS V3 containing the CmpUserMgr
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2022-3281
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.82%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 08:20
Updated-10 May, 2025 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: multiple products - Loss of MAC-Address-Filtering after reboot

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter.

Action-Not Available
Vendor-wagoWAGO
Product-750-8212\/025-002750-8102\/025-000_firmware762-4303\/8000-002762-4304\/8000-002_firmware762-4301\/8000-002751-9301762-4301\/8000-002_firmware750-8213\/040-010_firmware750-8210_firmware762-4205\/8000-001762-4203\/8000-001_firmware762-5203\/8000-001762-5306\/8000-002_firmware750-8206_firmware750-8215_firmware750-8211\/040-000762-4203\/8000-001762-4101_firmware762-4204\/8000-001762-5305\/8000-002_firmware762-6303\/8000-002_firmware762-5304\/8000-002_firmware762-4103_firmware762-6302\/8000-002762-6204\/8000-001_firmware750-8213\/040-010750-8208\/025-001_firmware750-8207\/025-001751-9301_firmware750-8215750-8202\/000-012750-8212\/040-001_firmware762-4201\/8000-001_firmware762-4102750-8202\/000-022762-5204\/8000-001750-8216\/040-000_firmware750-8212\/040-000_firmware750-8212\/000-100_firmware762-5203\/8000-001_firmware750-8217_firmware762-6304\/8000-002750-8212\/025-000_firmware762-4304\/8000-002762-5205\/8000-001750-8213750-8214_firmware762-5205\/8000-001_firmware762-4101750-8202\/040-000762-5303\/8000-002_firmware750-8213_firmware750-8207_firmware762-4104750-8206\/025-001_firmware762-4302\/8000-002762-6303\/8000-002750-8206\/040-000762-5206\/8000-001_firmware750-8217\/625-000_firmware762-4104_firmware750-8100750-8202\/000-012_firmware750-8212750-8100_firmware762-5304\/8000-002750-8216\/025-001_firmware762-6203\/8000-001762-6202\/8000-001752-8303\/8000-002_firmware750-8207750-8217\/025-000_firmware762-4204\/8000-001_firmware762-5305\/8000-002762-4206\/8000-001_firmware750-8206750-8208_firmware750-8207\/025-000_firmware750-8102750-8207\/025-000762-6301\/8000-002_firmware750-8216\/025-000_firmware750-8216750-8101_firmware750-8212\/000-100750-8216\/025-001750-8210\/040-000_firmware762-5303\/8000-002750-8210\/025-000750-8206\/040-001750-8207\/025-001_firmware750-8216_firmware750-8101\/025-000_firmware750-8102_firmware750-8206\/025-000750-8212\/025-002_firmware762-4303\/8000-002_firmware750-8212_firmware762-4102_firmware750-8208762-6302\/8000-002_firmware750-8211\/040-000_firmware750-8217\/025-000750-8212\/025-001_firmware762-5206\/8000-001750-8212\/040-010_firmware750-8202\/000-011_firmware750-8208\/025-000_firmware750-8212\/040-001750-8211_firmware750-8206\/040-001_firmware762-4202\/8000-001_firmware750-8101\/025-000762-4302\/8000-002_firmware750-8208\/025-001762-4205\/8000-001_firmware762-6203\/8000-001_firmware762-5204\/8000-001_firmware750-8208\/025-000750-8212\/040-010750-8212\/040-000762-5306\/8000-002750-8217\/625-000750-8214750-8210\/040-000750-8217\/600-000_firmware762-6304\/8000-002_firmware750-8210\/025-000_firmware750-8206\/040-000_firmware750-8101\/000-010750-8101\/000-010_firmware762-6301\/8000-002750-8211762-6201\/8000-001_firmware750-8101750-8102\/025-000762-4202\/8000-001762-6201\/8000-001750-8212\/025-000762-6202\/8000-001_firmware762-4103750-8206\/025-000_firmware750-8212\/025-001750-8202\/000-022_firmware750-8216\/040-000752-8303\/8000-002750-8202\/000-011750-8217\/600-000762-4201\/8000-001750-8206\/025-001750-8216\/025-000762-4206\/8000-001750-8202\/040-000_firmware750-8217762-6204\/8000-001750-8210752-8303/8000-002 Edge Controller762-4xxx Series Touch Panel 600Compact Controller CC100762-5xxx Series Touch Panel 600750-82xx/xxx-xxx Series PFC100/PFC200750-8217/xxx-xxx Series PFC100/PFC200762-6xxx Series Touch Panel 600750-81xx/xxx-xxx Series PFC100/PFC200
CWE ID-CWE-440
Expected Behavior Violation
CVE-2021-34596
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.43%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-34595
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.1||HIGH
EPSS-0.47% / 63.70%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2021-34593
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.59% / 80.91%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8217_firmware750-8202runtime_toolkit750-8203750-8211750-8212750-8206_firmware750-8202_firmware750-8208_firmware750-8216750-8206750-8207750-8214750-8214_firmware750-8208750-8210_firmware750-8213_firmware750-8204_firmware750-8212_firmwareplcwinnt750-8204750-8210750-8213750-8216_firmware750-8217750-8211_firmware750-8203_firmware750-8207_firmwareCODESYS V2
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-34586
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.69%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34585
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-34584
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.1||CRITICAL
EPSS-0.61% / 68.68%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-126
Buffer Over-read
CVE-2021-34583
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.67%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30195
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30188
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203v2_runtime_system_sp750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30186
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.81%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30194
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30193
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30192
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CVE-2021-30191
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-30190
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.59%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-30189
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30187
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.10%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 11:47
Updated-15 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21001
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 46.75%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:05
Updated-15 Aug, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PFC200 Access to files outside the home directory

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Action-Not Available
Vendor-wagoWAGO
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmware750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareSeries Ethernet ControllerSeries PFC200 Controller
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21000
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:05
Updated-15 Aug, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PFC200 Denial of Service due to the number of connections to the runtime

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

Action-Not Available
Vendor-wagoWAGO
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmware750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareSeries Ethernet ControllerSeries PFC200 Controller
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-5459
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 75.47%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.

Action-Not Available
Vendor-wagon/a
Product-750-8208750-8206pfc200_firmware750-8204\/025-000750-8203750-8202\/025-000750-8207\/025-000pfc200750-8204750-8202750-8207\/025-001750-8203\/025-000750-8206\/025-001750-8202\/025-001750-8202\/025-002750-8202\/040-001750-8206\/025-000750-8208\/025-000750-8207WAGO PFC200 Series
CWE ID-CWE-287
Improper Authentication