Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual

An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.


CVE-2022-22520: 5.3

MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24

An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.


CVE-2022-22520: 5.3

MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update A)

Two issues have been discovered in mymbCONNECT24 and mbCONNECT24 in all versions
including V2.8.0.

Update A, 2022-09-07:

  • Updated affected versions (and solution) due to incomplete fixes in previous versions


CVE-2021-34575: 7.5
CVE-2021-34574: 4.3

MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A)

Multiple vulnerabilities have been found in mymbCONNECT24 and mbCONNECT24.

Update A, 2022-09-07:

  • Affected Products: updated affected versions due to incomplete fixes of some CVEs. See Solution for details.
  • Solution: updated version information.
  • Solution: Added Fix for CVE-2020-35561.
  • Solution: Added MFA remark for CVE-2020-35565.


CVE-2020-35565: 9.8
CVE-2020-10384: 7.8
CVE-2020-35567: 7.8
CVE-2020-12528: 7.7
CVE-2020-35558: 7.5
CVE-2020-35564: 7.5
CVE-2020-35557: 6.5
CVE-2020-12530: 6.1
CVE-2020-35569: 6.1
CVE-2020-35560: 6.1
CVE-2020-35563: 5.4
CVE-2020-35570: 5.3
CVE-2020-35561: 5.3
CVE-2020-12529: 5.3
CVE-2020-35566: 5.3
CVE-2020-12527: 4.3
CVE-2020-35568: 4.3
CVE-2020-35559: 4.3

WAGO: Multiple Products Series affected by multiple CODESYS vulnerabilities

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.


CVE-2019-9013: 8.8
CVE-2019-9011: n/a
CVE-2020-12067: n/a
CVE-2020-12069: n/a

WAGO: Multiple product series affected by multiple CODESYS vulnerabilities

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.


CVE-2021-33485: 9.8
CVE-2020-6081: 8.8
CVE-2021-36763: 7.5
CVE-2021-36765: 7.5
CVE-2021-29241: 7.5
CVE-2021-29242: 7.3

TRUMPF: Products prone to Unified Automation vulnerabilities

A number of TRUMPF software tools use the OPC UA Server in C++ based OPC UA SDK by Unified Automation. The application contains several vulnerabilities, which enable an attacker to send malicious data to the application, resulting in a Denial-of-Service.


CVE-2022-29862: 7.5
CVE-2022-29864: 7.5

AUMA: Multiple Vulnerabilities in Automation Runtime NTP Service

The SIMA2 Master Station features an NTP service based on ntpd, a reference implementation of the Network Time Protocol (NTP). Affected SIMA2 Master Stations with software version < V2.6 include an outdated version of ntpd which is affected by a large number of vulnerabilities


CVE-2015-7853: 9.8
CVE-2015-7705: 9.8
CVE-2018-12327: 9.8
CVE-2015-7871: 9.8
CVE-2018-7183: 9.8
CVE-2017-6458: 8.8
CVE-2015-7849: 8.8
CVE-2017-6460: 8.8
CVE-2015-7854: 8.8
CVE-2017-6451: 7.8
CVE-2017-6462: 7.8
CVE-2015-7974: 7.7
CVE-2018-7185: 7.5
CVE-2018-7184: 7.5
CVE-2018-7182: 7.5
CVE-2014-9293: 7.5
CVE-2014-9294: 7.5
CVE-2014-9295: 7.5
CVE-2020-11868: 7.5
CVE-2019-8936: 7.5
CVE-2015-5300: 7.5
CVE-2015-7691: 7.5
CVE-2015-7692: 7.5
CVE-2015-7701: 7.5
CVE-2015-7703: 7.5
CVE-2015-7704: 7.5
CVE-2016-4954: 7.5
CVE-2015-7978: 7.5
CVE-2015-7979: 7.5
CVE-2016-7434: 7.5
CVE-2016-7426: 7.5
CVE-2016-4957: 7.5
CVE-2016-4953: 7.5
CVE-2020-13817: 7.4
CVE-2016-1548: 7.2
CVE-2016-1549: 6.5
CVE-2015-7973: 6.5
CVE-2015-7702: 6.5
CVE-2016-9310: 6.5
CVE-2015-7855: 6.5
CVE-2017-6464: 6.5
CVE-2015-7851: 6.5
CVE-2017-6463: 6.5
CVE-2015-7850: 6.5
CVE-2009-3563: 6.4
CVE-2015-7975: 6.2
CVE-2015-7852: 5.9
CVE-2016-9311: 5.9
CVE-2015-7977: 5.9
CVE-2016-2519: 5.9
CVE-2016-4955: 5.9
CVE-2015-8158: 5.9
CVE-2014-9750: 5.8
CVE-2016-1547: 5.3
CVE-2016-4956: 5.3
CVE-2016-2518: 5.3
CVE-2016-7431: 5.3
CVE-2016-7433: 5.3
CVE-2016-2517: 5.3
CVE-2016-2516: 5.3
CVE-2016-1550: 5.3
CVE-2015-8139: 5.3
CVE-2015-8138: 5.3
CVE-2018-8956: 5.3
CVE-2014-9296: 5.0
CVE-2013-5211: 5.0
CVE-2020-15025: 4.9
CVE-2015-8140: 4.8
CVE-2016-7428: 4.3
CVE-2016-7427: 4.3
CVE-2015-7976: 4.3
CVE-2016-1551: 3.7
CVE-2016-7429: 3.7

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017
2014

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0