Advisories | CERT@VDE

2024-07-09 09:00 VDE-2024-012

ifm: Vulnerabilities in ifm AC14 firmware

In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.

weiter ...

CVE-2024-28747: 9.8

CVE-2024-28751: 9.1

CVE-2024-28750: 7.2

CVE-2024-28749: 7.2

CVE-2024-28748: 7.2

2024-06-03 08:00 VDE-2024-028

ifm: moneo password reset can be exploited

moneo "Forgot Password" function has a vulnerability which allows gaining privileged access.

weiter ...

CVE-2024-5404: 9.8

2022-12-12 12:00 VDE-2022-050

IFM: weak password recovery vulnerability in moneo appliance

An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.

weiter ...

CVE-2022-3485: 9.8

Feeds

RSS / Atom

Nach Hersteller

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (11)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (8)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (28)

PHOENIX CONTACT (82)

Pilz (13)

Red Lion Europe (3)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (57)

Weidmueller (10)

Welotec (2)

Wiesemann & Theis (3)

Legende

(Scoring für CVSS 2.0,3.0+3.1)

keine

Kein CVE verfügbar

Niedrig

0.1 <= 3.9

Mittel

4.0 <= 6.9

Hoch

7.0 <= 8.9

Kritisch

9.0 <= 10.0

ifm: Vulnerabilities in ifm AC14 firmware

ifm: moneo password reset can be exploited

IFM: weak password recovery vulnerability in moneo appliance

Feeds

Nach Hersteller

Archiv

2024

2023

2022

2021

2020

2019

2018

2017

Legende