A JavaScript injection vulnerability has been discovered in the XML editing system SCHEMA ST4 online
help by Quanos Solutions GmbH. For details refer to CVE.
This vulnerability may allow an attacker to inject JavaScript code via URL to the affected products

A vulnerability was reported in WIBU-SYSTEMS CodeMeter Runtime.
WIBU-SYSTEMS CodeMeter Runtime is part of the installation packages of several Festo products.
FluidDraw < 6.2c and CIROS <= 7.0.6 contain a vulnerable version of WIBU-SYSTEMS CodeMeter Runtime.

Multiple Wiesemann & Theis product families are affected by a vulnerability in the web interface. The device allows an unauthenticated attacker to get the session ID of a logged in user. He may then spoof his IP address to act as the logged in user.

Two vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is widely used in a lot of products worldwide. An attacker could cause a program to crash, use unexpected values or execute code by exploiting these use-after-free vulnerabilities.

Profinet SDK is using XML parser library Expat as reference solution for loading the XML based Profinet network configuration files (IPPNIO or TIC).

An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.

Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent.

Update A, 2022-12-13

Added affected device "Bus module CPX-E-PN, 4080497"

The products are shipped with an unsafe configuration of the integrated CODESYS Runtime
environment. In this case no default password is set to the CODESYS PLC and therefore access
without authentication is possible.

With a successful established connection to the CODESYS Runtime the PLC-Browser commands are
available. Thus granting the possibilities to e.g. read and modify the configuration file(s), start/stop
the application and reboot the device.

Pilz: PAS 4000 prone to ZipSlip

PAS4000 is the software platform for the Automation System PSS 4000. PAS 4000 does not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.


By Vendor




(Scoring for CVSS 2.0,3.0+3.1)
No CVE available
0.1 <= 3.9
4.0 <= 6.9
7.0 <= 8.9
9.0 <= 10.0