Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2022-004
March 9, 2022, 8:00 a.m.
The Web-Based Management (WBM) of WAGO's programmable logic controller (PLC) is typically used for administration, commissioning and updates. Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) …
VDE-2021-050
Nov. 16, 2021, 12:02 p.m.
Multiple vulnerabilities were reported in the Nucleus Real-Time Operating System (RTOS). The Nucleus RTOS is an essential component in several WAGO PLCs and fieldbus couplers. WAGO uses older versions of …
VDE-2021-046
Nov. 10, 2021, 8:23 a.m.
Cross-site scripting in web-based management and memory leak in the remote logging function of FL MGUARD 1102 and FL MGUARD 1105. CVE-2021-34582: The file upload functionality in the web-based management …
VDE-2021-048
Oct. 4, 2021, 2:33 p.m.
The affected products contain a CODESYS Control runtime system in version V2. They are therefore affected by the vulnerability described in CODESYS Advisory 2021-06. It provides a communication server for …
VDE-2021-033
Aug. 12, 2021, 3:02 p.m.
VDE-2021-034
July 30, 2021, 9:55 a.m.
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM …
VDE-2021-018
May 12, 2021, 10:57 a.m.
A critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft für Systemautomation mbH. The impact of the vulnerabilities on the …
VDE-2020-051
May 11, 2021, 12:00 p.m.
Some TwinCAT OPC UA Server and IPC Diagnostics UA Server versions from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send …