A collection of Bluetooth attack vectors were discovered and related vulnerabilities known as "BlueBorne" were disclosed. These vulnerabilities collectively endanger amongst others Windows, Linux and mobile operating systems like Android or IOS. An unauthenticated attacker may take control of devices and perform commands or access sensitive data.
Pepperl+Fuchs analyzed WirelessHART-Gateways in respect of a critical vulnerability within the Firmware. An attacker may exploit this vulnerability to get access to files and access restricted directories that are stored on the device by manipulating file parameters that reference these. Incoming HTTP requests using fcgi-bin/wgsetcgi and a filename parameter allow a directory / path traversal. A publicly available exploit already exists for this vulnerability.
Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18
Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.
An attacker may gain access (by elevated privileges) to CT50-Ex mobile computers through a vulnerability in a system service running the Android Operating System (OS). The system service improperly validates incoming connection requests. Although the vulnerability is significant, currently no known exploits publicly available.
Incorrect handling request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.