UPDATE A 26.09.2023:
Changed affected Version of e!Cockpit from < 126.96.36.199 to <= 188.8.131.52
Vulnerabilities are reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) installation bundles are affected with vulnerable versions of WIBU-SYSTEMS Codemeter.
Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework.
A vulnerability allows Bluetooth LE pairing traffic to be sniffed and used to bypass authentication for pairing.
An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.
The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.
UPDATE A 15.06.2023 :
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
The configuration backend can in some cases be used without authentication and to write data with root privileges. Additionally, the web-based management suffers a CORS misconfiguration and allows reflected XSS (Cross-Site Scripting) attacks.
An unknown and undocumented configuration interface with limited functionality was identified on the affected devices.