Wago

Products by Wago, sorted by most security vulnerabilities since 2018

Wago Ecockpit: 4 vulnerabilities
Wago Cc100: 1 vulnerability
Wago Dtminspector 3: 1 vulnerability
Wago Tp600: 1 vulnerability
Wagoapprtu: 1 vulnerability

By the Year

In 2026 there have so far been 6 vulnerabilities published for Wago products, with an average CVSS base score of 9.45. In 2025, 7 Wago vulnerabilities were published. If disclosures continue at the current rate, the 2026 count will surpass the 2025 count. The average base score of the 2026 vulnerabilities is also 1.94 higher than in 2025.

Year   Vulnerabilities   Average Score
2026   6                 9.45
2025   7                 7.51
2024   0                 0.00
2023   1                 7.50
2022   0                 0.00
2021   9                 7.10
2020   8                 7.93

It may take a day or so for new Wago vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Wago Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-3587 Mar 23, 2026
Remote CLI Escape to Root via Hidden Function on Linux
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

CVE-2026-22906 Feb 09, 2026
Credential Store Uses AES-ECB with Hardcoded Key (Auth Bypass)
User credentials are stored using AES-ECB encryption with a hardcoded key. An unauthenticated remote attacker who obtains the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

CVE-2026-22905 Feb 09, 2026
Unauthenticated Remote Path Traversal via /js/../cgi-bin/post.cgi
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g. /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

CVE-2026-22904 Feb 09, 2026
Cookie Parsing Length Mishandling Enables Stack Buffer Overflow
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial-of-service condition and possible remote code execution.

CVE-2026-22903 Feb 09, 2026
lighttpd SESSIONID Cookie Stack Buffer Overflow Enables RCE
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

CVE-2022-50926 Jan 13, 2026
WAGO PFC200 G2 2ETH RS Firmware Privilege Escalation via Session Cookie Modification
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.

CVE-2025-41732 Dec 10, 2025
Remote RCE via Unsafe sscanf in check_cookie(): Stack Buffer Overflow
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers, leading to full device compromise.

CVE-2025-41730 Dec 10, 2025
sscanf Stack Buffer Overflow in check_account()
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers, leading to full device compromise.

CVE-2025-41716 Sep 24, 2025
Unauthenticated Remote Information Leak via Role Enumeration in Web Application
The web application allows an unauthenticated remote attacker to learn information about existing user accounts and their corresponding roles due to missing authentication for a critical function.

CVE-2025-41715 Sep 24, 2025
Unauthenticated Database Exposure in Web Application
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.

CVE-2025-41713 Sep 15, 2025
Switch Permits Unauthorized Traffic in Undefined Boot State
During a short time frame while the device is booting, an unauthenticated remote attacker can send traffic to unauthorized networks because the switch operates in an undefined state until a CPU-induced reset allows proper configuration.
Products: Cc100, Tp600

CVE-2025-25264 Jun 16, 2025
Unsecured CORS Policy Enables Data Exposure
An unauthenticated remote attacker can trick an admin into visiting a website containing malicious JavaScript code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.

CVE-2025-25265 Jun 16, 2025
Remote File Read via Web Configuration Endpoint on Controller
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows a high-privileged remote attacker to read files from the system's file structure.

CVE-2023-5188 Dec 05, 2023
WagoAppRTU MMS Interpreter DoS before 1.4.6.0
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0, which is used by the WAGO Telecontrol Configurator, is vulnerable to malformed packets. A remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.
Products: Telecontrol Configurator, Wagoapprtu

CVE-2021-21001 May 24, 2021
On WAGO PFC200 devices in different firmware versions, an authorised attacker with network access to the device can use specially crafted packets to access the file system with higher privileges.

CVE-2021-21000 May 24, 2021
On WAGO PFC200 devices in different firmware versions, an attacker with network access to the device could use specially crafted packets to cause a denial of service for the login service of the runtime.

CVE-2021-20993 May 13, 2021
In multiple managed switches by WAGO in different versions, the activated directory listing provides an attacker with the index of the resources located inside the directory.

CVE-2021-20994 May 13, 2021
In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management.

CVE-2021-20995 May 13, 2021
In multiple managed switches by WAGO in different versions, the webserver cookies of the web-based UI contain user credentials.

CVE-2021-20996 May 13, 2021
In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties.

CVE-2021-20997 May 13, 2021
In multiple managed switches by WAGO in different versions, it is possible to read out the password hashes of all Web-based Management users.

CVE-2021-20998 May 13, 2021
In multiple managed switches by WAGO in different versions, it is possible to create users without authorization using specially crafted packets.

CVE-2020-12525 Jan 22, 2021
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
Products: Dtminspector 3, Fdtcontainer Application, Fdtcontainer Component, and others

CVE-2020-12522 Dec 17, 2020
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), and Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <= FW10.

CVE-2020-12516 Dec 10, 2020
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable to a special denial-of-service attack.

CVE-2020-12505 Sep 30, 2020
An Improper Authentication vulnerability in the WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below.

CVE-2020-12506 Sep 30, 2020
An Improper Authentication vulnerability in the WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior.

CVE-2019-5107 Mar 11, 2020
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for, e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints.
Products: Ecockpit

CVE-2019-5158 Mar 11, 2020
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability.
Products: Ecockpit

CVE-2019-5159 Mar 11, 2020
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability.
Products: Ecockpit

CVE-2019-5106 Mar 11, 2020
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text.
Products: Ecockpit

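Worked example for CVE-2026-22905 above (an added illustration, not code from WAGO, lighttpd or this page): the flawed pattern is a "public prefix" rule evaluated on the raw request URI, so /js/../cgi-bin/post.cgi looks like a static asset but is dispatched to the CGI. The fix is to percent-decode and normalise first and run the rule on the canonical path. The /js/ public prefix and the /cgi-bin/ target come from the advisory text; the function names, the rejection of double encoding and the router shape are assumptions for illustration. Go, standard library only.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// naiveIsPublic reproduces the flawed policy: the raw request URI is matched
// against the unauthenticated prefix before any normalisation, so
// "/js/../cgi-bin/post.cgi" passes as a static asset and reaches the CGI.
func naiveIsPublic(rawPath string) bool {
	return strings.HasPrefix(rawPath, "/js/")
}

// canonicalPath turns a request path into the form the filesystem and the CGI
// dispatcher will actually see: percent-decoded once, then "." and ".."
// resolved and repeated slashes collapsed. Input that is still ambiguous after
// that (double encoding, NUL bytes, backslashes, relative paths) is rejected.
func canonicalPath(rawPath string) (string, error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", fmt.Errorf("bad percent-encoding: %w", err)
	}
	if !strings.HasPrefix(decoded, "/") {
		return "", fmt.Errorf("path %q is not absolute", decoded)
	}
	// A '%' surviving one decode means double encoding; a later stage might
	// decode it again, so refuse rather than guess what it will see.
	if strings.ContainsAny(decoded, "%\x00\\") {
		return "", fmt.Errorf("ambiguous characters in %q", decoded)
	}
	// path.Clean resolves "/js/../cgi-bin/post.cgi" to "/cgi-bin/post.cgi";
	// on a rooted path it can never leave a ".." component behind.
	return path.Clean(decoded), nil
}

// isPublic applies the same prefix rule as the naive check, but only to the
// canonical path, so the rule and the dispatcher agree on what is addressed.
func isPublic(rawPath string) bool {
	p, err := canonicalPath(rawPath)
	if err != nil {
		return false
	}
	return strings.HasPrefix(p, "/js/")
}

// authorize is the gate a request router calls before dispatching: public
// assets go to anyone, everything else needs an authenticated session.
func authorize(rawPath string, authenticated bool) bool {
	if _, err := canonicalPath(rawPath); err != nil {
		return false
	}
	return isPublic(rawPath) || authenticated
}

func main() {
	for _, p := range []string{
		"/js/app.js",
		"/js/../cgi-bin/post.cgi",
		"/js/%2e%2e/cgi-bin/post.cgi",
		"/js/..%2fcgi-bin/post.cgi",
		"/js/%252e%252e/cgi-bin/post.cgi",
	} {
		fmt.Printf("%-34s naive=%-5v fixed=%v\n", p, naiveIsPublic(p), isPublic(p))
	}
}
```

The order matters more than the rule itself: any check that runs before the same decoding and normalisation the file handler and CGI dispatcher perform can be argued around with an encoding the check does not understand, which is why the canonical form is computed once and everything downstream is fed that.
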
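Worked example for CVE-2026-22906 above, and for the hard-coded key in CVE-2019-5106 (an added illustration, not WAGO's code and not from this page): a credential store encrypted with AES-ECB under a key that ships in the firmware, beside a store that keeps only a salted, slow hash. Two properties are shown: with the key in hand the whole store decrypts, and ECB reveals which records share plaintext blocks even without it. The key value, the sample password and the record layout are constructed for the demo. Go, standard library only; the PBKDF2 is hand-rolled here to avoid a dependency and should be replaced by a maintained implementation in real code.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// firmwareKey stands in for the hardcoded key: identical on every device and
// recoverable from the firmware image, so it is not a secret. Constructed value.
var firmwareKey = []byte("0123456789abcdef")

func pkcs7Pad(b []byte, n int) []byte {
	p := n - len(b)%n
	return append(append([]byte(nil), b...), bytes.Repeat([]byte{byte(p)}, p)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty")
	}
	p := int(b[len(b)-1])
	if p == 0 || p > len(b) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-p], nil
}

// ecbEncrypt is the weak scheme: every 16-byte block is encrypted on its own,
// so equal plaintext blocks give equal ciphertext blocks, with no per-record
// randomness to hide that.
func ecbEncrypt(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key)
	src := pkcs7Pad(plaintext, block.BlockSize())
	dst := make([]byte, len(src))
	for i := 0; i < len(src); i += block.BlockSize() {
		block.Encrypt(dst[i:], src[i:])
	}
	return dst
}

// ecbDecrypt is what an attacker runs after pulling the key from the firmware
// and the credential store from a downloaded configuration file.
func ecbDecrypt(key, ciphertext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	if len(ciphertext) == 0 || len(ciphertext)%block.BlockSize() != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	dst := make([]byte, len(ciphertext))
	for i := 0; i < len(ciphertext); i += block.BlockSize() {
		block.Decrypt(dst[i:], ciphertext[i:])
	}
	return pkcs7Unpad(dst)
}

// pbkdf2SHA256 derives dkLen bytes per RFC 8018 (hand-rolled, stdlib only).
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	var out []byte
	for blk := uint32(1); len(out) < dkLen; blk++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(binary.BigEndian.AppendUint32(nil, blk))
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// Stored is the hardened record: a random per-user salt and a slow hash. The
// device only needs to check a password, never to recover it.
type Stored struct {
	Salt, Hash []byte
	Iter       int
}

func storeCredential(password string) (Stored, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Stored{}, err
	}
	const iter = 4096 // deliberately low for the example; raise in production
	return Stored{Salt: salt, Iter: iter, Hash: pbkdf2SHA256([]byte(password), salt, iter, 32)}, nil
}

func checkCredential(s Stored, password string) bool {
	return hmac.Equal(s.Hash, pbkdf2SHA256([]byte(password), s.Salt, s.Iter, 32))
}

func main() {
	ct := ecbEncrypt(firmwareKey, []byte("Secret-Password!"))
	pt, _ := ecbDecrypt(firmwareKey, ct)
	fmt.Printf("recovered with the firmware key: %s\n", pt)
	s, _ := storeCredential("Secret-Password!")
	fmt.Println("hash check:", checkCredential(s, "Secret-Password!"), checkCredential(s, "wrong"))
}
```

Changing ECB to an authenticated mode would not fix the advisory's core problem: anything reversible under a key the attacker can read from the firmware is cleartext with extra steps. The hardened record is one-way, per-user salted and deliberately slow, so a leaked configuration file yields no passwords and equal passwords are not visibly equal.
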
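Worked example for CVE-2022-50926 above, which also covers the credential-bearing cookies of CVE-2021-20995 (an added illustration, not WAGO's code and not from this page): a cookie that carries name and roles in the clear and is believed as received, beside the same payload bound to an HMAC-SHA256 tag under a per-device key and verified in constant time before any field is used. The cookie field names come from the advisory; the encoding, the key and the user are constructed for the demo. Go, standard library only.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Session is what the web application derives from the cookie.
type Session struct {
	Name  string
	Roles string
}

// parseFields reads "name=...;roles=..." with no integrity check. Used on its
// own it is the flawed design: the client decides its own roles.
func parseFields(payload string) Session {
	var s Session
	for _, kv := range strings.Split(payload, ";") {
		k, v, _ := strings.Cut(strings.TrimSpace(kv), "=")
		switch k {
		case "name":
			s.Name = v
		case "roles":
			s.Roles = v
		}
	}
	return s
}

// issue builds a tamper-evident cookie:
//   base64url(payload) "." base64url(HMAC-SHA256(key, payload))
// key is a per-device secret that never leaves the device (constructed here).
func issue(key []byte, s Session) (string, error) {
	if strings.ContainsAny(s.Name+s.Roles, ";=") {
		return "", errors.New("field contains a delimiter")
	}
	payload := "name=" + s.Name + ";roles=" + s.Roles
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	enc := base64.RawURLEncoding
	return enc.EncodeToString([]byte(payload)) + "." + enc.EncodeToString(mac.Sum(nil)), nil
}

// verify recomputes the tag over the received payload and compares it in
// constant time; only then is any field of the payload believed.
func verify(key []byte, cookie string) (Session, error) {
	p64, m64, ok := strings.Cut(cookie, ".")
	if !ok {
		return Session{}, errors.New("malformed cookie")
	}
	enc := base64.RawURLEncoding
	payload, err := enc.DecodeString(p64)
	if err != nil {
		return Session{}, errors.New("bad payload encoding")
	}
	got, err := enc.DecodeString(m64)
	if err != nil {
		return Session{}, errors.New("bad tag encoding")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	if !hmac.Equal(got, mac.Sum(nil)) {
		return Session{}, errors.New("signature mismatch")
	}
	return parseFields(string(payload)), nil
}

// escalate is the attacker's edit from the advisory: rewrite the roles field
// of a cookie they legitimately hold and leave everything else untouched.
func escalate(cookie string) string {
	p64, m64, _ := strings.Cut(cookie, ".")
	payload, _ := base64.RawURLEncoding.DecodeString(p64)
	forged := strings.Replace(string(payload), "roles=user", "roles=admin", 1)
	return base64.RawURLEncoding.EncodeToString([]byte(forged)) + "." + m64
}

func main() {
	key := []byte("constructed-per-device-secret") // assumption: random, per device
	fmt.Println("unsigned cookie, forged roles ->", parseFields("name=bob;roles=admin").Roles)
	c, _ := issue(key, Session{Name: "bob", Roles: "user"})
	if _, err := verify(key, escalate(c)); err != nil {
		fmt.Println("signed cookie, forged roles ->", err)
	}
}
```

A signed cookie stops the edit described in the advisory but still tells the client its role and still needs key management on every device; the stronger design keeps roles in a server-side session table and hands the browser only an opaque random identifier, so there is nothing in the cookie worth editing.
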
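Worked example for CVE-2025-25264 above (an added illustration, not WAGO's code and not from this page): a handler that reflects any Origin together with Access-Control-Allow-Credentials, which lets a page the admin visits read device responses with the admin's cookie, beside a handler that acknowledges only an explicit allowlist. The allowed origin, the attacker origin and the fake file body are constructed; the probe uses net/http/httptest so it runs offline. Go, standard library only.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowedOrigins is the explicit list a device should accept. Constructed.
var allowedOrigins = map[string]bool{
	"https://plc.example.local": true,
}

// reflectOriginHandler mirrors the weak policy: whatever Origin arrives is
// echoed back together with Allow-Credentials, so any site the admin visits
// can read responses issued under the admin's session cookie.
func reflectOriginHandler(w http.ResponseWriter, r *http.Request) {
	if o := r.Header.Get("Origin"); o != "" {
		w.Header().Set("Access-Control-Allow-Origin", o)
		w.Header().Set("Access-Control-Allow-Credentials", "true")
	}
	fmt.Fprint(w, "contents of /etc/config (constructed)")
}

// allowlistHandler acknowledges only listed origins, refuses the rest before
// doing any work, always emits Vary: Origin so a cache never serves one
// origin's answer to another, and never pairs a wildcard with credentials.
func allowlistHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Add("Vary", "Origin")
	if o := r.Header.Get("Origin"); o != "" {
		if !allowedOrigins[o] {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		w.Header().Set("Access-Control-Allow-Origin", o)
		w.Header().Set("Access-Control-Allow-Credentials", "true")
	}
	fmt.Fprint(w, "contents of /etc/config (constructed)")
}

// probe issues a cross-origin GET with a session cookie through the handler
// and reports what the browser would use to decide whether the calling page
// may read the body.
func probe(h http.HandlerFunc, origin string) (status int, allowOrigin string, credentials bool) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest("GET", "/etc/config", nil)
	req.Header.Set("Origin", origin)
	req.AddCookie(&http.Cookie{Name: "session", Value: "admin-session-constructed"})
	h(rec, req)
	res := rec.Result()
	return res.StatusCode, res.Header.Get("Access-Control-Allow-Origin"),
		res.Header.Get("Access-Control-Allow-Credentials") == "true"
}

func main() {
	for name, h := range map[string]http.HandlerFunc{"reflect": reflectOriginHandler, "allowlist": allowlistHandler} {
		st, ao, cr := probe(h, "https://attacker.example")
		fmt.Printf("%-9s status=%d allow-origin=%q credentials=%v\n", name, st, ao, cr)
	}
}
```

Omitting the Access-Control-Allow-Origin header is enough to stop a foreign page from reading the body; the allowlist handler goes one step further and refuses the request, which also blocks blind cross-site writes to configuration endpoints.
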
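Worked example for CVE-2019-5158 and CVE-2019-5159 above (an added illustration, not WAGO's or e!COCKPIT's code and not from this page): before extracting an update package, check that its declared version is strictly newer than the installed one, and check every member path for absolute or climbing components so a zip built with any zip utility cannot write outside the extraction root. The package is assumed to be a zip with a manifest.txt carrying a version= line; that layout, the version numbers and the file names are constructed for the demo. Go, standard library only. A real update path must also verify a signature over the whole package; these two checks only address the two issues listed here.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path"
	"strconv"
	"strings"
)

// Version is a dotted numeric firmware version such as 1.6.1.5.
type Version []int

func parseVersion(s string) (Version, error) {
	var v Version
	for _, part := range strings.Split(strings.TrimSpace(s), ".") {
		n, err := strconv.Atoi(part)
		if err != nil || n < 0 {
			return nil, fmt.Errorf("bad version %q", s)
		}
		v = append(v, n)
	}
	return v, nil
}

// Less compares component-wise; missing trailing components count as 0.
func (v Version) Less(o Version) bool {
	for i := 0; i < len(v) || i < len(o); i++ {
		a, b := 0, 0
		if i < len(v) {
			a = v[i]
		}
		if i < len(o) {
			b = o[i]
		}
		if a != b {
			return a < b
		}
	}
	return false
}

// safeMemberPath rejects entries that would land outside the extraction root:
// absolute paths, drive letters, backslashes, NULs and any ".." that climbs
// above the root once the name is normalised.
func safeMemberPath(name string) (string, error) {
	if name == "" || strings.ContainsAny(name, "\\\x00:") || strings.HasPrefix(name, "/") {
		return "", fmt.Errorf("unsafe entry name %q", name)
	}
	clean := path.Clean(name)
	if clean == "." || clean == ".." || strings.HasPrefix(clean, "../") {
		return "", fmt.Errorf("entry %q escapes the extraction root", name)
	}
	return clean, nil
}

// validatePackage reads the manifest, refuses anything not strictly newer than
// the installed firmware and checks every member path before any byte is
// written to disk. It returns the package version and the cleaned member list.
func validatePackage(pkg []byte, installed Version) (Version, []string, error) {
	zr, err := zip.NewReader(bytes.NewReader(pkg), int64(len(pkg)))
	if err != nil {
		return nil, nil, err
	}
	var pkgVersion Version
	var members []string
	for _, f := range zr.File {
		if f.Name == "manifest.txt" {
			rc, err := f.Open()
			if err != nil {
				return nil, nil, err
			}
			data, err := io.ReadAll(io.LimitReader(rc, 4096))
			rc.Close()
			if err != nil {
				return nil, nil, err
			}
			for _, line := range strings.Split(string(data), "\n") {
				if v, ok := strings.CutPrefix(line, "version="); ok {
					if pkgVersion, err = parseVersion(v); err != nil {
						return nil, nil, err
					}
				}
			}
			continue
		}
		p, err := safeMemberPath(f.Name)
		if err != nil {
			return nil, nil, err
		}
		members = append(members, p)
	}
	if pkgVersion == nil {
		return nil, nil, errors.New("manifest missing or has no version line")
	}
	if !installed.Less(pkgVersion) {
		return nil, nil, fmt.Errorf("refusing downgrade or reinstall: package %v, installed %v", pkgVersion, installed)
	}
	return pkgVersion, members, nil
}

// buildPackage assembles a constructed update zip in memory for the demo.
func buildPackage(version string, files map[string]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("manifest.txt")
	io.WriteString(w, "version="+version+"\n")
	for name, body := range files {
		fw, _ := zw.Create(name)
		io.WriteString(fw, body)
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	installed, _ := parseVersion("1.6.0.7")
	pkg := buildPackage("1.5.1.1", map[string]string{"../../etc/passwd": "constructed"})
	_, _, err := validatePackage(pkg, installed)
	fmt.Println("crafted package:", err)
}
```

Both checks run over the archive directory before extraction starts, so a package that fails on its last entry has not already written its first ones; partial extraction is how a rejected update still leaves a foothold.
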
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.