VDE-2021-009
Mai 14, 2025, 3:00 nachm.
Multiple products of PILZ utilise a third-party TCP/IP implementation - the "Niche Ethernet Stack". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.
VDE-2022-057
Mai 14, 2025, 3:00 nachm.
Multiple Wiesemann & Theis product families are affected by a vulnerability in the web interface. The device allows an unauthenticated attacker to get the session ID of a logged in …
VDE-2021-005
Mai 14, 2025, 3:00 nachm.
The fdtCONTAINER component is integrated into an application (host application). The fdtCONTAINER application is a specific host application which integrates the fdtCONTAINER component. The fdtCONTAINER component exchanges binary data blobs …
VDE-2024-027
Mai 14, 2025, 3:00 nachm.
All legitimate local Microsoft Windows users can read or modify files that are located in the working directory of the affected CODESYS products, even if they are executed under a …
VDE-2024-070
Mai 14, 2025, 3:00 nachm.
Improper file permission handling allows an authenticated low privileged user to gain root access.
VDE-2019-002
Mai 14, 2025, 3:00 nachm.
Pepperl+Fuchs analyzed WirelessHART-Gateways in respect of a critical vulnerability within the Firmware. An attacker may exploit this vulnerability to get access to files and access restricted directories that are stored …
VDE-2021-044
Mai 14, 2025, 3:00 nachm.
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
VDE-2020-044
Mai 14, 2025, 3:00 nachm.
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates. With special crafted requests it is possible to read and write some …