Welotec: Clickjacking Vulnerability in WebUI

Welotec has been informed by an external source that the WebUI of the device management solution "SMART EMS" and the remote connectivity solution "VPN Security Suite" is vulnerable to so-called "Clickjacking" and advises to update to version v3.1.4 or later.


CVE-2024-3911: 6.5

Pepperl+Fuchs: ICE2- * and ICE3- * are affected by multiple vulnerabilities

Critical vulnerabilities have been discovered in the product due to outdated software components.
The impact of the vulnerabilities on the affected device may result in

  • Denial of service
  • Bypassing of authentication
  • Information disclosure


CVE-2002-20001: 7.5
CVE-2022-40735: 7.5
CVE-2022-31629: 6.5
CVE-2021-21707: 5.3
CVE-2020-7070: 5.3
CVE-2004-0230: 5.0
CVE-2011-3389: 4.3
CVE-1999-0524: 2.1

Welotec: Two vulnerabilities in TK500v1 router series

Welotec has closed two vulnerabilities in the TK500v1 router series and advises to update the routers to firmware version r5542 or later. An exploitation of the vulnerabilities can allow an attacker to manipulate the device.


CVE-2023-1083: 9.8
CVE-2023-1082: 8.8

Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0