Advisories

Unsere Advisories sind ausschließlich in englischer Sprache verfügbar. Wir bitten um Ihr Verständnis.
Datum ID Titel
2020-11-19 VDE-2020-022 ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x
2020-11-19 VDE-2020-021 ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 1.x
2020-11-19 VDE-2020-037 Beckhoff: Privilege Escalation through TwinCat System Tray (TcSysUI.exe) (Update A)
2020-10-27 VDE-2020-031 ENDRESS+HAUSER: Products utilizing WIBU-SYSTEMS AG Code Meter component
2020-10-27 VDE-2020-042 WAGO: PLC families 750-88x and 750-352 prone to DoS attack, versions < FW10
2020-10-27 VDE-2020-039 TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities
2020-10-16 VDE-2020-043 BENDER: COMTRAXX - Inadequate credentials check
2020-10-12 VDE-2020-041 WEIDMUELLER: u-create studio affected by WIBU-SYSTEMS CodeMeter vulnerabilities
2020-10-07 VDE-2020-040 PEPPERL+FUCHS: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux (Update B)
2020-09-30 VDE-2020-029 WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X
2020-09-30 VDE-2020-028 WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03
2020-09-30 VDE-2020-027 WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07
2020-09-18 VDE-2020-035 MB connect line: Multiple Vulnerabilities in mymbCONNECT24 and mbCONNECT24 <= v2.6.1
2020-09-10 VDE-2020-034 PEPPERL+FUCHS/VMT Bildverarbeitungssysteme GmbH: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU SYSTEMS CodeMeter components
2020-09-10 VDE-2020-033 PILZ: Multiple products prone to WIBU CodeMeter vulnerabilities
2020-09-09 VDE-2020-032 WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT (Update A)
2020-09-09 VDE-2020-030 PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components
2020-08-20 VDE-2020-026 PHOENIX CONTACT: Denial-of-Service vulnerabilty in Emalytics, ILC 2050 BI and ILC 2050 BI-L
2020-07-21 VDE-2020-025 PHOENIX CONTACT: Improper path sanitation on import of project files in PLCnext Engineer
2020-07-08 VDE-2020-024 MIELE: Treck TCP/IP Vulnerabilities (Ripple20) affecting Communication Module XKM3000 L MED
2020-07-01 VDE-2020-023 PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite
2020-06-16 VDE-2020-019 BECKHOFF: EtherLeak in TwinCAT RT network driver (Update A)
2020-06-10 VDE-2020-020 WAGO: PPPD in PFC100 and PFC200 Series is vulnerable to CVE-2020-8597
2020-06-10 VDE-2020-015 WAGO: Web Based Management - Code Execution Vulnerability
2020-06-02 VDE-2020-018 PHOENIX CONTACT FL MGUARD, TC MGUARD, TC ROUTER and TC CLOUD CLIENT: PPPD vulnerable to CVE-2020-8597
2020-05-29 VDE-2020-017 PEPPERL+FUCHS, PACTware: Two password vulnerabilities found
2020-05-28 VDE-2020-016 SWARCO: Critical Vulnerability in CPU LS4000
2020-03-31 VDE-2020-014 PEPPERL+FUCHS Kr00k vulnerabilities in Broadcom Wi-Fi chipsets
2020-03-27 VDE-2020-013 PHOENIX CONTACT Local Privilege Escalation in Portico Remote desktop control software
2020-03-27 VDE-2020-012 PHOENIX CONTACT Local Privilege Escalation in PC WORX SRT
2020-03-10 VDE-2020-005 BECKHOFF: BK9000 couplers - Denial of service inhibits function
2020-03-09 VDE-2020-011 WAGO: Multiple Vulnerabilities in I/O-Check Service
2020-03-09 VDE-2020-010 WAGO: Cloud Connectivity Remote Code Execution Vulnerability
2020-03-09 VDE-2020-009 WAGO: e!Cockpit Two Update Package Vulnerabilities
2020-03-09 VDE-2020-008 WAGO: Cloud Connectivity Multiple Vulnerabilities
2020-03-09 VDE-2020-007 WAGO: Web-Based Management Denial of Service
2020-03-09 VDE-2020-006 WAGO: Web-Based Management Authentication Vulnerabilities
2020-03-09 VDE-2020-004 WAGO: e!Cockpit cleartext communication and hardcoded key
2020-03-05 VDE-2020-003 PHOENIX CONTACT: TC Router and TC Cloud Client multiple vulnerabilities
2020-02-25 VDE-2020-002 PHOENIX CONTACT: Advisory for multiple FL Switch GHS utilising VxWorks
2020-02-17 VDE-2020-001 PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file.
2019-12-16 VDE-2019-022 WAGO Multiple Vulnerabilities in I/O-Check Service in Multiple Devices
2019-12-05 VDE-2019-018 Weidmueller multiple vulnerabilities in various Industrial Ethernet managed switches
2019-11-07 VDE-2019-021 PEPPERL+FUCHS Linux Kernel Vulnerability on ecom Mobile Devices
2019-10-29 VDE-2019-020 PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security (Update A)
2019-10-15 VDE-2019-016 PHOENIX CONTACT Security Advisory for Automation Worx Software Suite (Update A)
2019-10-09 VDE-2019-019 Beckhoff TwinCAT Denial-of-Service in Profinet driver (Update A)
2019-09-18 VDE-2019-017 WAGO Series PFC100/PFC200 Information Disclosure
2019-06-28 VDE-2019-015 PHOENIX CONTACT Security Advisory for Industrial Controllers ILC1x0, ILC1x1, AXC1050 and AXC3050
2019-06-19 VDE-2019-014 PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite (Update A)
2019-06-12 VDE-2019-013 WAGO Multiple Vulnerabilities in industrial managed switches
2019-06-04 VDE-2019-012 TECSON/GOK Improper Authentication and Access Control on multiple devices
2019-06-04 VDE-2019-009 PHOENIX CONTACT Multiple Vulnerabilities in AXC F 2152 (Update A)
2019-05-29 VDE-2019-011 PEPPERL+FUCHS Remote code execution vulnerability in HMI devices (Update A)
2019-05-20 VDE-2019-010 MIELE Multiple Vulnerabilities in XGW 3000 ZigBee Gateway
2019-04-12 VDE-2019-008 WAGO Undocumented service access in Series 750-88x and 750-87x devices
2019-03-25 VDE-2019-007 PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS)
2019-03-25 VDE-2019-006 PHOENIX CONTACT unauthorized access to WEB-UI on FL NAT SMx
2019-03-19 VDE-2019-005 ENDRESS+HAUSER WIFI enabled products utilising WPA2
2019-03-14 VDE-2019-004 PEPPERL+FUCHS ecom Mobile Devices prone to BlueBorne Attack
2019-03-06 VDE-2019-002 PEPPERL+FUCHS Path traversal in WirelessHART Gateway
2019-03-05 VDE-2019-003 PHOENIX CONTACT Multiple Vulnerabilities in MEVIEW3
2019-01-23 VDE-2019-001 PHOENIX CONTACT Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx
2018-10-19 VDE-2018-016 PEPPERL+FUCHS ecom Mobile devices prone to Android privilege elevation vulnerability
2018-09-21 VDE-2018-015 PHOENIX CONTACT AXL F BK PN Denial of Service Vulnerability
2018-08-17 VDE-2018-013 WAGO 750-8xx Controller Denial of Service
2018-08-13 VDE-2018-012 PHOENIX CONTACT ILC 1x1 ETH Denial of Service
2018-07-10 VDE-2018-010 WAGO Multiple vulnerabilities in e!DISPLAY products
2018-07-06 VDE-2018-008 PEPPERL+FUCHS Remote Code Execution Vulnerability in HMI Devices
2018-07-06 VDE-2018-009 PEPPERL+FUCHS Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices (Update A)
2018-05-16 VDE-2018-007 PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file
2018-05-16 VDE-2018-006A PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series through 1.33 has a Stack-based Buffer Overflow (Update A)
2018-05-16 VDE-2018-005 PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Information Exposure
2018-05-16 VDE-2018-004 PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection
2018-03-23 VDE-2018-003 PHOENIX CONTACT addressing Meltdown and Spectre vulnerabilities
2018-02-14 VDE-2018-002 Pepperl+Fuchs HMI devices vulnerable to Meltdown and Spectre Attacks
2018-01-30 VDE-2018-001 PHOENIX CONTACT Advisory for mGuard products
2018-01-10 VDE-2017-006 PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series web-service authentication bypass
2017-12-11 VDE-2017-005 PEPPERL+FUCHS / ecom instruments WLAN enabled products utilizing WPA2 encryption (Update A)
2017-12-05 VDE-2017-004 PHOENIX CONTACT FL COMSERVER cross-site scripting (XSS) vulnerability
2017-11-09 VDE-2017-003B PHOENIX CONTACT WLAN enabled devices utilising WPA2 encryption (Update B)
2017-09-07 VDE-2017-002 PHOENIX CONTACT mGuard device manager (mdm) multiple vulnerabilities in Java SE
2017-08-11 VDE-2017-001 PHOENIX CONTACT mGuard IKE daemon remote denial of service