Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2023-055
Dec. 12, 2023, 8:00 a.m.
Phoenix Contact classic line industrial controllers are developed and designed for use in closed industrial networks. The controllers don't feature a function to check integrity and authenticity of the …
VDE-2023-049
Dec. 11, 2023, 8:00 a.m.
Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 is vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface by using an authenticated session cookie.
VDE-2023-066
Dec. 5, 2023, 3:25 p.m.
UPDATE 29.02.2024: Removed "This version is planned for January 2024." from Solution as the updated version is released. On CODESYS Control runtimes running on Linux or QNX operating systems, successfully authenticated …
VDE-2023-059
Dec. 5, 2023, 8:06 a.m.
The Builder and Viewer components of the product PASvisu are based on the 3rd-party-component Electron. Electron contains several other open-source components which are affected by vulnerabilities. The vulnerabilities may enable …
VDE-2023-035
Dec. 5, 2023, 8:00 a.m.
Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.
VDE-2023-045
Dec. 5, 2023, 8:00 a.m.
An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.
VDE-2023-044
Dec. 5, 2023, 8:00 a.m.
The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.
VDE-2023-062
Nov. 21, 2023, 9:15 a.m.
A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation in JavaScript, both used in CodeMeter Runtime affecting multiple products by PHOENIX CONTACT.