Advisories | CERT@VDE

2024-03-13 09:30 VDE-2023-039

Wago: Multiple vulnerabilities in web-based management of multiple products

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning, and updates.

The option to change the configuration data via tools or the web-based-management enabled attackers to prepare cross-site-scripting attacks and under specific circumstances perform remote code execution.

CVE-2015-10123: 7.5

CVE-2018-25090: 6.1

2024-03-12 08:00 VDE-2024-011

PHOENIX CONTACT: Multiple vulnerabilities in CHARX SEC charge controllers

Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers. These vulnerabilities were discovered as part of a PWN2OWN competition initiated by Trend Micro Zero Day Initiative (ZDI).

CVE-2024-25995: 9.8

CVE-2024-26288: 8.7

CVE-2024-25999: 8.4

CVE-2024-26002: 7.8

CVE-2024-26003: 7.5

CVE-2024-26004: 7.5

CVE-2024-26001: 7.4

CVE-2024-25998: 7.3

CVE-2024-26000: 5.9

CVE-2024-25994: 5.3

CVE-2024-25997: 5.3

CVE-2024-25996: 5.3

CVE-2024-26005: 4.8

Feeds

RSS / Atom

Nach Hersteller

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (8)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (7)

HIMA (2)

ifm (1)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (26)

PHOENIX CONTACT (80)

Pilz (13)

Red Lion Europe (2)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (55)

Weidmueller (10)

Welotec (2)

Wiesemann & Theis (3)

Archiv

2024

April (3)
März (2)
Februar (6)
Januar (7)

2023

Dezember (14)
November (5)
Oktober (5)
September (5)
August (13)
Juli (5)
Juni (3)
Mai (4)
April (1)
März (3)
Februar (3)
Januar (2)

2022

Dezember (5)
November (10)
Oktober (5)
September (7)
August (4)
Juli (4)
Juni (7)
Mai (3)
April (11)
März (5)
Januar (5)

2021

Dezember (2)
November (6)
Oktober (5)
September (2)
August (10)
Juli (3)
Juni (9)
Mai (6)
April (2)
März (3)
Februar (3)
Januar (4)

2020

Dezember (4)
November (3)
Oktober (6)
September (8)
August (1)
Juli (3)
Juni (4)
Mai (2)
März (12)
Februar (2)

2019

Dezember (2)
Oktober (3)
September (1)
Juni (4)
Mai (2)
März (6)
Januar (1)

2018

Oktober (1)
September (1)
August (2)
Juli (3)
Mai (4)
März (1)
Februar (1)
Januar (2)

2017

Dezember (2)
November (1)
September (1)
März (1)

Legende

(Scoring für CVSS 2.0,3.0+3.1)

keine

Kein CVE verfügbar

Niedrig

0.1 <= 3.9

Mittel

4.0 <= 6.9

Hoch

7.0 <= 8.9

Kritisch

9.0 <= 10.0