Wago Security Vulnerabilities (CVEs)

Track 21 security vulnerabilities affecting Wago products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

14 Critical

7 High

Sort by:

🔔 Get Alerts for Wago

CVE-2025-41732 9.8

This critical vulnerability allows unauthenticated remote attackers to exploit unsafe sscanf calls in the check_cookie() function, leading to stack bu...

Dec 10, 2025

CVE-2025-41730 9.8

An unauthenticated remote attacker can exploit unsafe sscanf calls in the check_account() function to write arbitrary data into fixed-size stack buffe...

Dec 10, 2025

CVE-2023-4149 9.8

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary system commands with root privileges through the web-based ma...

Nov 21, 2023

CVE-2023-1150 7.5

CVE-2023-1150 is a denial-of-service vulnerability in WAGO 750-3x/-8x series industrial controllers. Unauthenticated remote attackers can send special...

Jun 26, 2023

CVE-2023-1698 9.8

This critical vulnerability in WAGO products allows unauthenticated remote attackers to create new user accounts and modify device configurations. Thi...

May 15, 2023

CVE-2022-45138 9.8

CVE-2022-45138 is an authentication bypass vulnerability in the web-based management configuration backend, allowing unauthenticated attackers to read...

Feb 27, 2023

CVE-2022-45140 9.8

CVE-2022-45140 allows unauthenticated attackers to write arbitrary data with root privileges to the configuration backend storage. This can lead to re...

Feb 27, 2023

CVE-2021-34595 8.1

CVE-2021-34595 is an out-of-bounds read/write vulnerability in CODESYS V2 Runtime Toolkit and PLCWinNT software. Attackers can send crafted requests w...

Oct 26, 2021

CVE-2021-34584 9.1

CVE-2021-34584 is a buffer over-read vulnerability in the CODESYS V2 web server that allows attackers to read partial stack or heap memory or cause de...

Oct 26, 2021

CVE-2021-34586 7.5

CVE-2021-34586 is a null pointer dereference vulnerability in the CODESYS V2 web server that allows crafted web requests to cause denial-of-service co...

Oct 26, 2021

CVE-2021-34581 7.5

This CVE describes a memory leak vulnerability in OpenSSL implementation on specific WAGO PLC devices. Unauthenticated attackers can cause denial-of-s...

Aug 31, 2021

CVE-2021-30186 7.5

CVE-2021-30186 is a heap-based buffer overflow vulnerability in CODESYS V2 runtime system SP. This vulnerability allows attackers to execute arbitrary...

May 25, 2021

CVE-2021-30188 9.8

CVE-2021-30188 is a critical stack-based buffer overflow vulnerability in CODESYS V2 runtime systems. It allows remote attackers to execute arbitrary ...

May 25, 2021

CVE-2021-30190 9.8

CVE-2021-30190 is an improper access control vulnerability in CODESYS V2 Web-Server that allows unauthenticated attackers to bypass authentication and...

May 25, 2021

CVE-2021-30192 9.8

CVE-2021-30192 is an improper security check vulnerability in CODESYS V2 Web-Server that allows attackers to bypass authentication and gain unauthoriz...

May 25, 2021

CVE-2021-30194 9.1

CVE-2021-30194 is an out-of-bounds read vulnerability in CODESYS V2 Web-Server that could allow attackers to read sensitive memory contents or cause d...

May 25, 2021

CVE-2021-21001 9.1

This vulnerability allows authenticated attackers with network access to WAGO PFC200 devices to access the file system with elevated privileges via sp...

May 24, 2021

CVE-2021-20997 7.5

This vulnerability in WAGO managed switches allows attackers to read password hashes of all Web-based Management users. This affects organizations usi...

May 13, 2021

CVE-2021-20998 10.0

This critical vulnerability in WAGO managed switches allows unauthenticated attackers to create new user accounts via specially crafted network packet...

May 13, 2021

CVE-2021-20994 8.8

This is a cross-site scripting (XSS) vulnerability in WAGO managed switches that allows attackers to inject malicious code into the web-based manageme...

May 13, 2021

CVE-2020-12522 10.0

This critical vulnerability allows remote attackers with network access to execute arbitrary operating system commands on affected WAGO industrial con...

Dec 17, 2020

Why Monitor Wago Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 21+ known vulnerabilities affecting Wago products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Wago packages in under 60 seconds. No agents required - completely agentless scanning that works across Wago deployments.

Free vulnerability database: Access detailed information about every Wago CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Wago CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Wago CVEs Free