Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2022-035
Aug. 17, 2022, 10:00 vorm.

WAGO: Multiple product series affected by multiple CODESYS vulnerabilities

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.
CVE-2021-33485
CVE-2020-6081
CVE-2021-36763
CVE-2021-29241
CVE-2021-36765
CVE-2021-29242
VDE-2022-034
Aug. 15, 2022, 12:00 nachm.

TRUMPF: Products prone to Unified Automation vulnerabilities

A number of TRUMPF software tools use the OPC UA Server in C++ based OPC UA SDK by Unified Automation. The application contains several vulnerabilities, which enable an attacker to …
CVE-2022-29864
CVE-2022-29862
VDE-2022-032
Aug. 9, 2022, 10:00 vorm.

AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service

The SIMA2 Master Station features an NTP service based on ntpd, a reference implementation of the Network Time Protocol (NTP). Affected SIMA2 Master Stations with software version < V2.6 include …
CVE-2015-7705
CVE-2015-7853
CVE-2018-7183
CVE-2018-12327
CVE-2015-7871
CVE-2017-6460
CVE-2017-6458
CVE-2015-7854
CVE-2015-7849
CVE-2017-6462
CVE-2017-6451
CVE-2015-7974
CVE-2016-4957
CVE-2016-7426
CVE-2015-7703
CVE-2015-5300
CVE-2015-7701
CVE-2020-11868
CVE-2019-8936
CVE-2018-7185
CVE-2018-7184
CVE-2018-7182
CVE-2016-7434
CVE-2016-4954
CVE-2016-4953
CVE-2015-7979
CVE-2015-7978
CVE-2015-7704
CVE-2015-7692
CVE-2015-7691
CVE-2020-13817
CVE-2016-1548
CVE-2016-1549
CVE-2017-6464
CVE-2017-6463
CVE-2016-9310
CVE-2015-7973
CVE-2015-7855
CVE-2015-7851
CVE-2015-7850
CVE-2015-7702
CVE-2015-7975
CVE-2016-2519
CVE-2016-9311
CVE-2016-4955
CVE-2015-8158
CVE-2015-7977
CVE-2015-7852
CVE-2016-2516
CVE-2016-4956
CVE-2018-8956
CVE-2016-7433
CVE-2016-7431
CVE-2016-2518
CVE-2016-2517
CVE-2016-1550
CVE-2016-1547
CVE-2015-8139
CVE-2015-8138
CVE-2020-15025
CVE-2015-8140
CVE-2016-7428
CVE-2016-7427
CVE-2015-7976
CVE-2016-1551
CVE-2016-7429
CVE-2014-9750
CVE-2014-9296
CVE-2014-9295
CVE-2014-9294
CVE-2014-9293
CVE-2013-5211
CVE-2009-3563
VDE-2022-030
Juli 11, 2022, 12:00 nachm.

Lenze: Vulnerability in the OPC-UA authentification connection in the firmware

The machine controller of the cabinet series include an OPC-UA server which uses an user management to authenticate clients via anonymous or user/password authentication. If the user/password authentication is selected, …
CVE-2022-2302
VDE-2021-004
Juni 21, 2022, 10:00 vorm.

Weidmueller: EtherNet/IP Fieldbus Coupler out-of-bounds write

A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc.. For details refer to CVE(s).This vulnerability may allow an attacker to …
CVE-2022-1737
VDE-2022-019
Juni 2, 2022, 5:11 nachm.

Endress+Hauser: Multiple products utilizing vulnerable WIBU-SYSTEMS CodeMeter components

For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
CVE-2021-20093
CVE-2021-22901
CVE-2021-20094
CVE-2020-8286
CVE-2021-41057
CVE-2021-41184
CVE-2021-41182
CVE-2021-41183
VDE-2022-012
Mai 16, 2022, 4:15 nachm.

Pepperl+Fuchs: Vulnerability in multiple VisuNet devices

Critical vulnerabilities have been discovered in the utilized component Remote Desktop Client by Microsoft.For more information see: https://msrc.microsoft.com/update-guide/vulnerability/CVE- 2022-21990
CVE-2022-21990
VDE-2022-018
Mai 11, 2022, 4:20 nachm.

PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices

Multiple vulnerabilities have been discovered in the firmware and in libraries utilized of RAD-ISM-900-EN-BD devices: In addition to the above listed CVEs the following issues were identified: Vulnerabilities related to …
CVE-2022-29898
CVE-2022-29897