Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 is vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface by using an authenticated session cookie.
On CODESYS Control runtimes running on Linux or QNX operating systems, successfully authenticated PLC programmers can utilize SysFile or CAA-File system libraries to inject calls to additional shell functions.
The Builder and Viewer components of the product PASvisu are based on the 3rd-party-component Electron. Electron contains several other open-source components which are affected by vulnerabilities. The vulnerabilities may enable an attacker to gain full control over the system. The vulnerabilities can be exploited locally or over the network.
Several Pilz products use the 3rd-party component “libwebp” for decoding of images in WebP format. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. Depending on the affected product, the vulnerabilities can be exploited locally or over the network.
The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.
An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.
Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.
A vulnerability in the Wibu CodeMeter Runtime, which is part of the installation packages of
several Festo products, was found. This could lead to remote code execution and escalation of
privileges giving full admin access on the host system.
Update A, 2023-12-05