Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

750-881_firmware

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

27
Related CVEsRelated VendorsRelated AssignersReports
28Vulnerabilities found
CVE-2015-10123
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 08:31
Updated-23 Oct, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wago: Buffer Copy without Checking Size of Input in wbm of multiple products

An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.

Action-Not Available
Vendor-WAGOwago
Product-Controller BACnet MS/TPController BACnet/IPFieldbus Coupler Ethernet 3rd GenerationEthernet Controller 3rd Generation750-882_firmware750-352_firmware750-881_firmware750-880_firmware750-829_firmware750-889_firmware750-885_firmware750-884_firmware750-852_firmware750-831_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-1620
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 32.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 06:19
Updated-12 Nov, 2024 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: DoS in multiple products in multiple versions using Codesys

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

Action-Not Available
Vendor-wagoWago
Product-750-8202\/040-001_firmware750-8203_firmware750-8212\/025-002750-890\/025-000750-8213\/040-010_firmware750-8210_firmware750-8206_firmware750-8215_firmware750-8211\/040-000750-891750-890\/040-000750-831\/000-002750-831750-891_firmware750-8213\/040-010750-8208\/025-001_firmware750-8207\/025-001750-880750-8215750-8202\/000-012750-8212\/040-001_firmware750-8202\/000-022750-8216\/040-000_firmware750-8212\/040-000_firmware750-889750-8212\/000-100_firmware750-331_firmware750-8217_firmware750-8212\/025-000_firmware750-8211\/040-001750-8213750-8214_firmware750-829_firmware750-890\/025-002750-880\/040-000_firmware750-885\/025-000750-8202\/040-000750-832\/000-002750-8204750-8213_firmware750-8207_firmware750-8206\/025-001_firmware750-8204\/025-000_firmware750-890\/025-001_firmware750-832\/000-002_firmware750-8206\/040-000750-880\/025-000750-8204_firmware750-8217\/625-000_firmware750-8202\/000-012_firmware750-8212750-893_firmware750-880\/040-000750-8202\/025-001_firmware750-881750-882_firmware750-8216\/025-001_firmware750-8202_firmware750-862750-8207750-8217\/025-000_firmware750-832_firmware750-8206750-8208_firmware750-8207\/025-000_firmware750-885\/025-000_firmware750-8207\/025-000750-8211\/040-001_firmware750-885750-8216\/025-000_firmware750-8216750-890\/040-000_firmware750-8212\/000-100750-8216\/025-001750-8210\/040-000_firmware750-8210\/025-000750-880_firmware750-8206\/040-001750-8207\/025-001_firmware750-8216_firmware750-8202\/040-001750-8206\/025-000750-8212\/025-002_firmware750-880\/025-001_firmware750-8212_firmware750-8202\/025-000_firmware750-8208750-8211\/040-000_firmware750-881_firmware750-8217\/025-000750-8212\/025-001_firmware750-890\/025-002_firmware750-885_firmware750-890\/025-000_firmware750-8212\/040-010_firmware750-8202\/000-011_firmware750-8208\/025-000_firmware750-880\/025-002_firmware750-893750-8212\/040-001750-8211_firmware750-8206\/040-001_firmware750-8208\/025-001750-852_firmware750-8208\/025-000750-8212\/040-010750-8212\/040-000750-890_firmware750-880\/025-001750-8217\/625-000750-8203750-890\/025-001750-823750-8214750-8202750-8210\/040-000750-8217\/600-000_firmware750-8203\/025-000_firmware750-8203\/025-000750-823_firmware750-8202\/025-002750-8210\/025-000_firmware750-8206\/040-000_firmware750-889_firmware750-890750-832750-8211750-862_firmware750-8202\/025-002_firmware750-880\/025-000_firmware750-880\/025-002750-8204\/025-000750-8212\/025-000750-331750-8202\/025-000750-8206\/025-000_firmware750-829750-8212\/025-001750-8202\/000-022_firmware750-8216\/040-000750-831_firmware750-8202\/000-011750-8217\/600-000750-8206\/025-001750-8202\/025-001750-8216\/025-000750-8202\/040-000_firmware750-882750-831\/000-002_firmware750-852750-8217750-8210750-332750-890/xxx-xxx750-831/xxx-xxx750-880/xxx-xxx750-331750-8203/xxx-xxx750-885/xxx-xxx750-8207/xxx-xxx750-8206/xxx-xxx750-829750-823750-8211/xxx-xxx750-8204/xxx-xxx750-893750-881750-8217/xxx-xxx750-8216/xxx-xxx750-8213/xxx-xxx750-8210/xxx-xxx750-882750-832/xxx-xxx750-891750-862750-889750-8212/xxx-xxx750-852750-8202/xxx-xxx750-8214/xxx-xxx750-8208/xxx-xxx
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CVE-2023-1619
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 39.02%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 06:18
Updated-02 Oct, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: DoS in multiple versions of multiple products

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

Action-Not Available
Vendor-wagoWago
Product-750-8202\/040-001_firmware750-8203_firmware750-8212\/025-002750-890\/025-000750-8213\/040-010_firmware750-8210_firmware750-8206_firmware750-8215_firmware750-8211\/040-000750-891750-890\/040-000750-831\/000-002750-831750-891_firmware750-8213\/040-010750-8208\/025-001_firmware750-8207\/025-001750-880750-8215750-8202\/000-012750-8212\/040-001_firmware750-8202\/000-022750-8216\/040-000_firmware750-8212\/040-000_firmware750-889750-8212\/000-100_firmware750-331_firmware750-8217_firmware750-8212\/025-000_firmware750-8211\/040-001750-8213750-8214_firmware750-829_firmware750-890\/025-002750-880\/040-000_firmware750-885\/025-000750-8202\/040-000750-832\/000-002750-8204750-8213_firmware750-8207_firmware750-8206\/025-001_firmware750-8204\/025-000_firmware750-890\/025-001_firmware750-832\/000-002_firmware750-8206\/040-000750-880\/025-000750-8204_firmware750-8217\/625-000_firmware750-8202\/000-012_firmware750-8212750-893_firmware750-880\/040-000750-8202\/025-001_firmware750-881750-882_firmware750-8216\/025-001_firmware750-8202_firmware750-862750-8207750-8217\/025-000_firmware750-832_firmware750-8206750-8208_firmware750-8207\/025-000_firmware750-885\/025-000_firmware750-8207\/025-000750-8211\/040-001_firmware750-885750-8216\/025-000_firmware750-8216750-890\/040-000_firmware750-8212\/000-100750-8216\/025-001750-8210\/040-000_firmware750-8210\/025-000750-880_firmware750-8206\/040-001750-8207\/025-001_firmware750-8216_firmware750-8202\/040-001750-8206\/025-000750-8212\/025-002_firmware750-880\/025-001_firmware750-8212_firmware750-8202\/025-000_firmware750-8208750-8211\/040-000_firmware750-881_firmware750-8217\/025-000750-8212\/025-001_firmware750-890\/025-002_firmware750-885_firmware750-890\/025-000_firmware750-8212\/040-010_firmware750-8202\/000-011_firmware750-8208\/025-000_firmware750-880\/025-002_firmware750-893750-8212\/040-001750-8211_firmware750-8206\/040-001_firmware750-8208\/025-001750-852_firmware750-8208\/025-000750-8212\/040-010750-8212\/040-000750-890_firmware750-880\/025-001750-8217\/625-000750-8203750-890\/025-001750-823750-8214750-8202750-8210\/040-000750-8217\/600-000_firmware750-8203\/025-000_firmware750-8203\/025-000750-823_firmware750-8202\/025-002750-8210\/025-000_firmware750-8206\/040-000_firmware750-889_firmware750-890750-832750-8211750-862_firmware750-8202\/025-002_firmware750-880\/025-000_firmware750-880\/025-002750-8204\/025-000750-8212\/025-000750-331750-8202\/025-000750-8206\/025-000_firmware750-829750-8212\/025-001750-8202\/000-022_firmware750-8216\/040-000750-831_firmware750-8202\/000-011750-8217\/600-000750-8206\/025-001750-8202\/025-001750-8216\/025-000750-8202\/040-000_firmware750-882750-831\/000-002_firmware750-852750-8217750-8210750-332750-890/xxx-xxx750-831/xxx-xxx750-880/xxx-xxx750-331750-8203/xxx-xxx750-885/xxx-xxx750-8207/xxx-xxx750-8206/xxx-xxx750-829750-823750-8211/xxx-xxx750-8204/xxx-xxx750-893750-881750-8217/xxx-xxx750-8216/xxx-xxx750-8213/xxx-xxx750-8210/xxx-xxx750-882750-832/xxx-xxx750-891750-862750-889750-8212/xxx-xxx750-852750-8202/xxx-xxx750-8214/xxx-xxx750-8208/xxx-xxx
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CVE-2021-34596
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.43%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-34595
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.1||HIGH
EPSS-0.47% / 63.70%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2021-34586
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.69%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34585
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-34584
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.1||CRITICAL
EPSS-0.61% / 68.68%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-126
Buffer Over-read
CVE-2021-34583
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.67%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34581
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 10:33
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: Denial of Service vulnerability inside the OpenSSL implementation

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

Action-Not Available
Vendor-wagoWAGO
Product-750-831\/000-002750-881_firmware750-880\/040-000750-880\/025-001750-880\/040-000_firmware750-831750-880\/025-002_firmware750-881750-831_firmware750-880750-889_firmware750-880_firmware750-880\/025-000_firmware750-831\/000-002_firmware750-880\/025-000750-889750-880\/025-001_firmware750-880\/025-002750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-30195
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30188
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203v2_runtime_system_sp750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30186
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.81%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30194
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30193
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30192
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.20%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CVE-2021-30191
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-30190
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.59%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-30189
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30187
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.10%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 11:47
Updated-15 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21001
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 46.75%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:05
Updated-15 Aug, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PFC200 Access to files outside the home directory

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.

Action-Not Available
Vendor-wagoWAGO
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmware750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareSeries Ethernet ControllerSeries PFC200 Controller
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21000
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:05
Updated-15 Aug, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PFC200 Denial of Service due to the number of connections to the runtime

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

Action-Not Available
Vendor-wagoWAGO
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmware750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareSeries Ethernet ControllerSeries PFC200 Controller
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-12516
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.52%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 03:04
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PLC families 750-88x and 750-352 prone to DoS attack

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Action-Not Available
Vendor-wagoWAGO
Product-750-352750-881_firmware750-829_firmware750-331750-885_firmware750-829750-885750-831750-881750-831_firmware750-880750-882_firmware750-352_firmware750-880_firmware750-889_firmware750-882750-852_firmware750-852750-889750-331_firmware750-331/xxx-xxx750-352750-831/xxx-xxx750-889750-880/xxx-xxx750-882750-829750-885750-852750-881
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12505
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.2||HIGH
EPSS-0.27% / 50.08%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 15:43
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

Action-Not Available
Vendor-wagoWAGO
Product-750-882_firmware750-881_firmware750-880_firmware750-889_firmware750-889750-882750-885_firmware750-831750-885750-852_firmware750-852750-881750-831_firmware750-880750-831/xxx-xxx750-889750-880/xxx-xxx750-882750-885/xxx-xxx750-852750-881
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-10712
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 75.84%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 21:20
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.

Action-Not Available
Vendor-wagon/a
Product-750-829_firmware750-330_firmware750-330750-885750-873_firmware750-830_firmware750-352_firmware750-880_firmware750-889_firmware750-884_firmware750-872750-849750-830750-871_firmware750-352750-881_firmware750-885_firmware750-829750-831750-873750-881750-831_firmware750-880750-882_firmware750-882750-849_firmware750-872_firmware750-852_firmware750-852750-889750-884750-871n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-16210
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.08%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 20:00
Updated-13 Jun, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.

Action-Not Available
Vendor-wagon/a
Product-750-352_firmware750-889750-881_firmware750-363750-823_firmware750-889_firmware750-852750-891_firmware750-890750-862750-880_firmware750-352750-881wago_750-881_ethernet_controller_devices750-832_firmware750-831750-890_firmwarewago_750-881_ethernet_controller_devices_firmware750-862_firmware750-852_firmware750-880750-831_firmware750-832750-362_firmware750-891750-362750-823750-363_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8836
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-3.32% / 86.76%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.

Action-Not Available
Vendor-wagoWAGO
Product-750-881_firmware750-829_firmware750-885_firmware750-829750-885750-831750-881750-831_firmware750-880750-882_firmware750-880_firmware750-889_firmware750-882750-852_firmware750-852750-889WAGO 750 Series
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2015-6472
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.27% / 78.64%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.

Action-Not Available
Vendor-wagon/a
Product-750-849750-849_firmware758-870_firmware750-881_firmware750-881758-870n/a