Pfc100 firmware

This hub aggregates every CVE we track for Pfc100 firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 13 most recently published vulnerabilities affecting Pfc100 firmware.

• CVE-2023-3379WAGO: Improper Privilege Management in web-based management5.3Nov 20, 2023
• CVE-2023-4089WAGO: Multiple products vulnerable to local file inclusion2.7Oct 17, 2023
• CVE-2023-1698WAGO: WBM Command Injection in multiple products9.8May 15, 2023
• CVE-2022-45140WAGO: Missing Authentication for Critical Function 9.8Feb 27, 2023
• CVE-2022-45139WAGO: Origin validation error through CORS misconfiguration5.3Feb 27, 2023
• CVE-2022-45138WAGO: Missing Authentication for Critical Function9.8Feb 27, 2023
• CVE-2022-45137WAGO: Reflective Cross-Site Scripting6.1Feb 27, 2023
• CVE-2022-3738WAGO: Missing authentication for config export functionality in multiple products5.9Jan 19, 2023
• CVE-2019-5134An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO...7.5Mar 10, 2020
• CVE-2019-5135An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application make...5.3Mar 10, 2020
• CVE-2019-5149The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intende...7.5Mar 10, 2020
• CVE-2019-5082An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and...9.8Jan 8, 2020
• CVE-2019-10953ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack du...7.5Apr 17, 2019