Wago — Vulnerabilities & Security Advisories 96

Browse all 96 CVE security advisories affecting Wago. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Paused
CVE-2023-5872	Wago: Vulnerability in Smart Designer Web-Application — Smart DesignerCWE-203	4.3	Medium	2026-04-16
CVE-2024-1490	Wago: Vulnerability in WBM through Open VPN — CC100 (0751-9x01)CWE-94	7.2	High	2026-04-09
CVE-2026-2328	Backend Access Due to Insufficient Input Validation — Device SphereCWE-790	7.5	High	2026-03-30
CVE-2026-3587	Hidden CLI Function Allows Root Access — Lean Managed Switch 852-1812CWE-912	10.0	Critical	2026-03-23
CVE-2026-22906	Hardcoded Key Allows Credential Disclosure — 0852-1322CWE-321	9.8	Critical	2026-02-09
CVE-2026-22905	Authentication Bypass via URI Traversal — 0852-1322CWE-22	7.5	High	2026-02-09
CVE-2026-22904	Stack Overflow via Oversized Cookie Fields in lighttpd — 0852-1322CWE-121	9.8	Critical	2026-02-09
CVE-2026-22903	Stack Overflow via SESSIONID Cookie in lighttpd — 0852-1322CWE-121	9.8	Critical	2026-02-09
CVE-2022-50926	WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation — WAGO 750-8212 PFC200CWE-565	9.8	Critical	2026-01-13
CVE-2025-41732	Stack-based buffer overflow via unsafe sscanf in check_cookie() — Indsutrial-Managed-SwitchesCWE-121	9.8	Critical	2025-12-10
CVE-2025-41730	Stack-based buffer overflow via unsafe sscanf in check_account() — Indsutrial-Managed-SwitchesCWE-121	9.8	Critical	2025-12-10
CVE-2025-41716	Unauthenticated User Enumeration via Missing Authentication — Solution BuilderCWE-306	5.3	Medium	2025-09-24
CVE-2025-41715	Missing Authentication for Database Access in Web Application — Device SphereCWE-306	9.8	Critical	2025-09-24
CVE-2025-41713	WAGO: Vulnerability in hardware switch circuit — CC100 0751-9301CWE-1188	6.5	Medium	2025-09-15
CVE-2025-41664	Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates — Coupler 0750-0362CWE-732	7.5	High	2025-09-08
CVE-2025-41672	WAGO: Vulnerability in WAGO Device Sphere — Wago Device SphereCWE-1188	10.0	Critical	2025-07-07
CVE-2025-25265	Unauthenticated File Read via Web Interface — WAGO CC100 0751-9x01CWE-306	4.9	Medium	2025-06-16
CVE-2025-25264	Overly Permissive CORS Policy in WAGO Device Manager — CC100 0751-9x01CWE-942	6.5	Medium	2025-06-16
CVE-2025-1235	WAGO: Switches affected by year 2k38 problem — Fully Managed Switches 0852-0303CWE-190	4.3	Medium	2025-06-02
CVE-2025-0101	WAGO: Year 2038 problem — CC100 0751-9x01CWE-190	6.5	Medium	2025-04-16
CVE-2024-12650	Wago: Vulnerability in libwagosnmp — CC100 0751-9x01CWE-252	5.4	Medium	2025-03-05
CVE-2018-25108	WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption — 750-8100 (Controller PFC100)CWE-770	7.5	High	2025-01-16
CVE-2024-41974	WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices — CC100 0751-9x01CWE-732	7.1	High	2024-11-18
CVE-2024-41973	WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices — CC100 0751-9x01CWE-35	8.1	High	2024-11-18
CVE-2024-41972	WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices — CC100 0751-9x01CWE-35	6.5	Medium	2024-11-18
CVE-2024-41971	WAGO: Arbitrary File Overwrite in Multiple Devices — CC100 0751-9x01CWE-22	8.1	High	2024-11-18
CVE-2024-41970	WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices — CC100 0751-9x01CWE-732	5.7	Medium	2024-11-18
CVE-2024-41969	WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices — CC100 0751-9x01CWE-306	8.8	High	2024-11-18
CVE-2024-41967	WAGO: Boot Mode Manipulation in Multiple Devices — CC100 0751-9x01CWE-306	8.1	High	2024-11-18
CVE-2024-41968	WAGO: Docker Settings Manipulation in Multiple Devices — CC100 0751-9x01CWE-306	5.4	Medium	2024-11-18

This page lists every published CVE security advisory associated with Wago. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

Wago — Vulnerabilities & Security Advisories 96