In case TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending special packets to the device.
The reported vulnerability allows a remote attacker to check paths and file names that are used in filesystem operations.
Update, 18.9.2019, 18:30
A manipulated PC Worx or Config+ project file could lead to a remote code execution.
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.
Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.
A security researcher discovered that the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.
Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre- authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
See details on Microsoft's advisories:
CVE-2019-0708 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
CVE-2019-1181 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181)
CVE-2019-1182 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182)
Update A, 07.10.2019
Miele XGW 3000 is a ZigBee-TCP/IP gateway. The gateway connects Miele ZigBee-Appliances (called Miele@home) with local customer TCP/IP-Network and allows visualizing the appliance state on the web interface of the gateway, Miele SuperVision capable appliance, smartphone/tablet app or home automatization device.
An external security researcher reported two vulnerabilities in XGW 3000 gateway and provided a Proof-of-Concept. The combined exploitation of both vulnerabilities allow the circumvention of the authentication mechanisms of the XGW3000.
The Miele PSIRT managed to reproduce the findings and successfully exploited the gateway. Therefore, the existence of all vulnerabilities has been confirmed.