Critical vulnerabilities has been discovered in the product, mainly caused by an
anonymous FTP server and Telnet access.
The impact of the vulnerabilities on the affected device may result in
A critical security vulnerability was discovered in the products, which is caused by the IPv6 stack in the Linux kernel.
The impact of the vulnerability on the affected products may result in
In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.
There exists a vulnerability in all mbNET.mini devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.
Update: 03.07.2024 3:30 pm
In section Reported by Sebastian Dietz (CyberDanube) was added.
There exists a vulnerability in all REX 100 devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.
Update: 03.07.2024 3:30pm
In section Reported by Sebastian Dietz (CyberDanube) was added.
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
All legitimate local Microsoft Windows users can read or modify files that are located in the working directory of the affected CODESYS products, even if they are executed under a different user or in the system context.
The CODESYS OPC UA stack of the CODESYS Control runtime system may incorrectly calculate the required buffer size for received requests/responses. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.
Update: 10.07.2024 In the Remediation section, the release date of the update has been deleted as the update is now available.