An attacker with administrative privileges who can access sensitive files can additionally access them in an unintended, undocumented way.



Several Pilz products use the third-party component "CodeMeter Runtime" from WIBU-SYSTEMS AG to manage software licenses. This component is affected by a vulnerability that may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.

Update A, 2023-12-05

  • changed affected version of "Software PASvisu < 1.15.0" to "Software PASvisu < 1.14.1"
  • removed CVE-2023-4701 because it was revoked.



UPDATE A 26.09.2023:
Changed affected version of e!COCKPIT from < 1.11.2.0 to <= 1.11.2.0

Vulnerabilities are reported in WIBU-SYSTEMS CodeMeter. WIBU-SYSTEMS CodeMeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) installation bundles are affected because they contain vulnerable versions of WIBU-SYSTEMS CodeMeter.

UPDATE B 20.11.2023:
Removed CVE-2023-4701 because it was revoked.



Frauscher: Multiple Vulnerabilities in FDS101

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are prone to multiple vulnerabilities which could lead to a full compromise of the FDS101 device.



A vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products.

Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability.

Update A, 2023-11-13

Removed CVE-2023-4701 because it was revoked.



The TRUMPF CAD/CAM software tools mentioned above use the vulnerable CodeMeter Runtime (up to version 7.60b) application from WIBU-SYSTEMS AG to manage licenses within the component TRUMPF License Expert. This CodeMeter application contains new vulnerabilities, which may enable an attacker to gain full access to the server or workstation on which the TRUMPF License Expert has been installed. A new version of the TRUMPF License Expert which fixes this vulnerability is available.
Machines with a running and correctly installed mGuard hardware firewall cannot be exploited by this vulnerability if used as intended (according to the manual).

Update A, 2023-11-13

Removed CVE-2023-4701 because it was revoked.


