VDE-2023-037
Nov. 21, 2023, 8:00 vorm.
Affected products are vulnerable to remote code execution via command injection in the web-based management by an attacker.
VDE-2023-015
Nov. 20, 2023, 8:00 vorm.
There is a misconfiguration of access rights to a configuration tool of the web-based-management for a specific user, which allows to reset passwords of other users (except root). This allows …
VDE-2023-030
Nov. 13, 2023, 12:00 nachm.
A Vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products. Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability. Update A, 2023-11-13 Removed CVE-2023-4701 because it …
VDE-2023-031
Nov. 13, 2023, 12:00 nachm.
The TRUMPF CAD/CAM software tools mentioned above use the vulnerable CodeMeter Runtime (up to version 7.60b) application from WIBU-SYSTEMS AG to manage licenses within the component TRUMPF License Expert. This …
VDE-2023-041
Okt. 16, 2023, 10:38 vorm.
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain …
VDE-2023-043
Okt. 16, 2023, 10:38 vorm.
A vulnerability in the affected products allows an authenticated, low-privileged attacker to gain unauthorized read access to limited, non-critical device information. The issue arises from improper access validation.
VDE-2022-040
Sept. 22, 2023, 2:39 nachm.
UPDATE A: Solution has updated release datesUPDATE B: Solution has updated release datesThis Advisory is published with reference to: CODESYS Advisory 2022-11 (Security update for CODESYS Control V2) CODESYS Advisory …
VDE-2023-038
Sept. 21, 2023, 8:00 vorm.
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are prone to multiple vulnerabilities which could lead up to a full compromise of the FDS101 device.