The MAC address filter that is part of the firewall has a flaw which prevents the filter from being active after a restart. A remote attacker can therefore circumvent MAC address filtering after a reboot of the device.
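Added example, not part of the advisory and not WAGO's code: a post-reboot audit that compares a ruleset snapshot taken before the reboot with the live ruleset afterwards and reports every MAC-address rule that disappeared, so that the state of the filter is verified on the device rather than read off the management UI. It assumes the filter is realised as iptables "-m mac --mac-source" rules (an assumption; the page does not say how WAGO implements the filter). The two rulesets, the addresses and the bridge interface name are constructed samples, not dumps from a real device.

```python
# Added check (not WAGO's code): confirm that MAC-address firewall rules survive a
# reboot. Assumes the filter is realised as iptables "-m mac --mac-source" rules.
# Both rulesets below are constructed samples in iptables-save format.
import re
import subprocess

# Constructed: snapshot saved before the reboot, MAC allow-list rules present.
BEFORE_REBOOT = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m mac --mac-source 00:30:DE:12:34:56 -j ACCEPT
-A INPUT -m mac --mac-source 00:30:de:ab:cd:ef -j ACCEPT
-A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed: after the reboot only the port rule was reloaded and the chain
# policy is permissive, so any MAC address can reach the device.
AFTER_REBOOT = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

MAC_RULE = re.compile(r"-m mac --mac-source ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})")
INPUT_POLICY = re.compile(r"^:INPUT (\w+)", re.MULTILINE)


def mac_rules(ruleset):
    """Set of MAC addresses (normalised to upper case) that have a match rule."""
    return {m.group(1).upper() for m in MAC_RULE.finditer(ruleset)}


def input_policy(ruleset):
    """Default policy of the INPUT chain, or None if the filter table is absent."""
    m = INPUT_POLICY.search(ruleset)
    return m.group(1) if m else None


def audit(before, after):
    """Compare the pre-reboot snapshot with the post-reboot ruleset.

    Returns (sorted MAC rules that vanished, INPUT policy before, INPUT policy after).
    A non-empty first element means the filter did not come back after the reboot.
    """
    missing = sorted(mac_rules(before) - mac_rules(after))
    return missing, input_policy(before), input_policy(after)


def live_ruleset():
    """Dump the running ruleset; run as root on the device itself. Not used offline."""
    return subprocess.run(["iptables-save"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    lost, policy_before, policy_after = audit(BEFORE_REBOOT, AFTER_REBOOT)
    print("MAC rules lost across reboot:", lost)
    print("INPUT policy before/after:", policy_before, policy_after)
```

In practice the snapshot is taken with live_ruleset() before the planned reboot and audit() is run against a fresh live_ruleset() afterwards; a lost rule combined with an ACCEPT policy is exactly the bypass condition described, whereas a lost rule with a DROP policy would instead lock legitimate stations out.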



This Advisory is published with reference to:

  • CODESYS Advisory 2022-11 (Security update for CODESYS Control V2)
  • CODESYS Advisory 2022-12 (Security update for CODESYS V2 password transport)
  • CODESYS Advisory 2022-13 (Security update for CODESYS Gateway V2)



WAGO: FTP-Server - Denial-of-Service

The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
See also: Siemens Advisory SSA-313313, published October 11th, 2022
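Added illustrative model, not WAGO's or Siemens' FTP server code: the failure mode described above is that memory reserved per incoming control connection is only released when the client completes its login, so an attacker who opens connections and never finishes them exhausts the session table. The model contrasts that behaviour with a server that reaps idle half-open sessions and caps sessions per source address. Session limits, timeouts and the IP addresses used are constructed values.

```python
# Added illustrative model (not the vendor's code) of the half-open-connection
# resource leak behind the FTP denial of service. Limits and addresses are constructed.


class LeakyFtpServer:
    """Reserves a receive buffer per TCP connection; frees it only on completed login."""

    def __init__(self, max_sessions=64):
        self.max_sessions = max_sessions
        self.pending = {}  # (ip, port) -> (buffer, time the connection was accepted)

    def on_connect(self, addr, now):
        """Accept a new control connection; False means no session slot is left."""
        if len(self.pending) >= self.max_sessions:
            return False
        self.pending[addr] = (bytearray(4096), now)
        return True

    def on_login_complete(self, addr):
        """Only a client that finishes USER/PASS ever releases its buffer."""
        self.pending.pop(addr, None)


class HardenedFtpServer(LeakyFtpServer):
    """Same server with an idle timeout and a per-source-IP cap on half-open sessions."""

    def __init__(self, max_sessions=64, idle_timeout=30.0, max_per_source=8):
        super().__init__(max_sessions)
        self.idle_timeout = idle_timeout
        self.max_per_source = max_per_source

    def reap_idle(self, now):
        """Release buffers of connections that never completed login within the timeout."""
        stale = [a for a, (_, t0) in self.pending.items() if now - t0 > self.idle_timeout]
        for a in stale:
            del self.pending[a]
        return len(stale)

    def on_connect(self, addr, now):
        self.reap_idle(now)
        from_same_ip = sum(1 for a in self.pending if a[0] == addr[0])
        if from_same_ip >= self.max_per_source:
            return False
        return super().on_connect(addr, now)


def simulate(server, attempts, spacing):
    """Open `attempts` half-open connections from one attacker IP (distinct source
    ports), `spacing` seconds apart, never completing login, then try one legitimate
    client. Returns (legitimate client accepted?, sessions still held by the server)."""
    now = 0.0
    for i in range(attempts):
        server.on_connect(("203.0.113.10", 40000 + i), now)  # attacker (documentation range)
        now += spacing
    accepted = server.on_connect(("192.0.2.5", 50000), now)   # legitimate engineering station
    return accepted, len(server.pending)


if __name__ == "__main__":
    print("leaky, burst    :", simulate(LeakyFtpServer(), 64, 0.0))
    print("leaky, slow     :", simulate(LeakyFtpServer(), 64, 1.0))
    print("hardened, burst :", simulate(HardenedFtpServer(), 64, 0.0))
    print("hardened, slow  :", simulate(HardenedFtpServer(), 64, 1.0))
```

The slow case matters for detection: 64 connection attempts spread over a minute will not trip a rate limiter, yet against the leaking server the legitimate client is still refused, which is why the timeout on incomplete logins (not only the per-source cap) is the part of the fix that closes the leak.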



Multiple WAGO product families are prone to multiple vulnerabilities affecting the CODESYS control runtime system.



CVE-2019-9011: n/a
CVE-2020-12067: n/a
CVE-2020-12069: n/a

Multiple WAGO product families are prone to multiple vulnerabilities affecting the CODESYS control runtime system.



The Linux kernel from version 5.8 onwards has a flaw that can lead to privilege escalation for a local user. This kernel is used in several firmware versions of several WAGO products. All vulnerable PLCs are listed in the chapter 'Affected Products'.



WAGO: Web-Based Management Cross-Site Scripting

The Web-Based Management (WBM) of WAGO's programmable logic controllers (PLCs) is typically used for administration, commissioning and updates.
Various configuration pages of the device are vulnerable to reflected cross-site scripting (XSS) attacks.
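Added example, not WAGO's WBM code: the reflected-XSS pattern described above, shown as a configuration page handler that echoes a query parameter back into element content and into an attribute value without encoding, next to the hardened handler that HTML-encodes it. The page layout and the parameter name "hostname" are constructed for illustration; the probe payloads are the classic tag-injection and attribute-breakout cases.

```python
# Added example (not WAGO's code): reflected XSS in a settings page, vulnerable
# and hardened. The page markup and the "hostname" parameter are constructed.
import html
from urllib.parse import parse_qs, urlencode


def _hostname_from(query_string):
    """Pull the reflected parameter out of the request's query string."""
    return parse_qs(query_string).get("hostname", [""])[0]


def render_vulnerable(query_string):
    """Reflects user input verbatim into element content and into an attribute value."""
    hostname = _hostname_from(query_string)
    return (
        "<h1>Network settings</h1>"
        f"<p>Current hostname: {hostname}</p>"
        f'<input name="hostname" value="{hostname}">'
    )


def render_hardened(query_string):
    """html.escape(..., quote=True) encodes < > & " and ', so the input can neither
    open a tag in element content nor close the attribute it is placed in."""
    hostname = html.escape(_hostname_from(query_string), quote=True)
    return (
        "<h1>Network settings</h1>"
        f"<p>Current hostname: {hostname}</p>"
        f'<input name="hostname" value="{hostname}">'
    )


def reflects_unescaped(render, payload):
    """True when `payload` reaches the response byte-for-byte, i.e. the handler
    reflects it without encoding and is vulnerable to that payload."""
    page = render(urlencode({"hostname": payload}))
    return payload in page


if __name__ == "__main__":
    probes = ("<script>alert(1)</script>", '" onfocus="alert(1)" autofocus="')
    for payload in probes:
        print(repr(payload),
              "vulnerable:", reflects_unescaped(render_vulnerable, payload),
              "hardened:", reflects_unescaped(render_hardened, payload))
```

HTML entity encoding is sufficient for the two contexts shown (element content and a quoted attribute); if the WBM reflected input into a script block, an event-handler attribute or a URL, that context would need its own encoding, and a restrictive Content-Security-Policy limits what a reflected payload can do even where encoding was missed.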



A vulnerability has been reported in WIBU-SYSTEMS Codemeter. Codemeter is installed by default by the e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installers. All currently available e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installation bundles ship with vulnerable versions of WIBU-SYSTEMS Codemeter.




Legend (scoring for CVSS 2.0, 3.0 and 3.1)

None      no CVE available
Low       0.1 to 3.9
Medium    4.0 to 6.9
High      7.0 to 8.9
Critical  9.0 to 10.0