Pepperl+Fuchs: Use after free vulnerability in Smart-Ex 02 and Smart-Ex 03

A critical security vulnerability was discovered in the products, which is caused by the IPv6 stack in the Linux kernel.
The impact of the vulnerability on the affected products may result in

  • Elevation of privileges


CVE-2024-36971: 7.8

Pepperl+Fuchs: Anonymous FTP server and Telnet access allows information disclosure and manipulation

Critical vulnerabilities has been discovered in the product, mainly caused by an
anonymous FTP server and Telnet access.
The impact of the vulnerabilities on the affected device may result in

  • Information disclosure
  • Denial of service
  • Device manipulation


CVE-2024-6422: 9.8
CVE-2024-6421: 7.5

Pepperl+Fuchs: ICE2- * and ICE3- * are affected by multiple vulnerabilities

Critical vulnerabilities have been discovered in the product due to outdated software components.
The impact of the vulnerabilities on the affected device may result in

  • Denial of service
  • Bypassing of authentication
  • Information disclosure


CVE-2002-20001: 7.5
CVE-2022-40735: 7.5
CVE-2022-31629: 6.5
CVE-2020-7070: 5.3
CVE-2021-21707: 5.3
CVE-2004-0230: 5.0
CVE-2011-3389: 4.3
CVE-1999-0524: 2.1

Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities

Critical vulnerabilities have been discovered in the utilized Bluetooth component.
For more information see: https://kb.cert.org/vuls/id/799380


CVE-2020-26559: 8.8
CVE-2020-26560: 8.1
CVE-2020-26557: 7.5
CVE-2020-26556: 7.5
CVE-2020-26555: 5.4
CVE-2020-26558: 4.2

Pepperl+Fuchs: Vulnerability in multiple VisuNet devices (UPDATE A)

Critical vulnerabilities have been discovered in the utilized component Remote Desktop Client by Microsoft.
For more information see: https://msrc.microsoft.com/update-guide/vulnerability/CVE- 2022-21990


CVE-2022-21990: 8.8

Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability (Update A)

Critical vulnerabilities have been discovered in the utilized component log4net by Apache Software Foundation.
UPDATE A: Remediation: added fixed VisuNet Products 


CVE-2018-1285: 9.8

Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities

Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.

For more information see advisory by Digi International Inc.:
Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International


CVE-2020-11896: 10.0
CVE-2020-11897: 10.0
CVE-2020-11898: 9.1
CVE-2020-11901: 9.0
CVE-2020-11900: 8.2
CVE-2020-11902: 7.3
CVE-2020-11904: 7.3
CVE-2020-11905: 6.5
CVE-2020-11903: 6.5
CVE-2020-11906: 6.3
CVE-2020-11907: 6.3
CVE-2020-11899: 5.4
CVE-2020-11910: 5.3
CVE-2020-11909: 5.3
CVE-2020-11912: 5.3
CVE-2020-11913: 5.3
CVE-2020-11911: 5.3
CVE-2020-11908: 4.3
CVE-2020-11914: 4.3

Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.

The impact of the vulnerabilities on the affected device may result in

  • denial of service
  • remote code execution
  • code exposure


CVE-2021-34565: 9.8
CVE-2021-34561: 8.8
CVE-2016-10707: 7.5
CVE-2021-33555: 7.5
CVE-2019-11358: 6.1
CVE-2014-6071: 6.1
CVE-2012-6708: 6.1
CVE-2015-9251: 6.1
CVE-2021-34562: 6.1
CVE-2020-11023: 6.1
CVE-2020-11022: 6.1
CVE-2020-7656: 6.1
CVE-2021-34560: 5.5
CVE-2021-34564: 5.5
CVE-2021-34559: 5.3
CVE-2007-2379: 5.0
CVE-2011-4969: 4.3
CVE-2021-34563: 3.3
CVE-2013-0169: 2.6

Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0