An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HWago Pfc200
HWWagowszystkie wersjeWago Pfc200 Firmware
OSWago03.00.39\(12\)03.01.07\(13\)03.02.02\(14\)
Related vulnerabilities
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users an...
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the s...
The configuration backend of the web-based management can be used by unauthenticated users, although only auth...
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC2...
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response ...