Two vulnerabilites have been discovered in myREX24 and myREX24.virtual in all versions through 2.13.3.
Two vulnerabilites have been discovered in mbCONNECT24 and mbCONNECT24 in all versions through 2.13.3.
The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.
A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.
An authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service.
VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and thus potentially exploitable.
Multiple vulnerabilities have been discovered in CODESYS Control V3 runtime system.
For details regarding the single vulnerabilities please refer to the security advisories issued by CODESYS:
Two Vulnerabilities have been discovered in TC ROUTER 4000 series and CLOUD CLIENT 2000 series up to firmware version 4.5.7x.107.
The web administration interface is vulnerable for authenticated admin users to path traversals, which could lead to arbitrary file uploads or deletion. Unvalidated user input also enables execution of OS commands.