Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2023-055
Dec. 12, 2023, 8:00 AM
Phoenix Contact classic line industrial controllers are developed and designed for use in closed industrial networks. The controllers don't feature a function to check integrity and authenticity of the …
VDE-2023-049
Dec. 11, 2023, 8:00 AM
Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 is vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface by using an authenticated session cookie.
VDE-2023-066
Dec. 5, 2023, 3:25 PM
UPDATE 29.02.2024: Removed "This version is planned for January 2024." from Solution as the updated version is released. On CODESYS Control runtimes running on Linux or QNX operating systems, successfully authenticated …
VDE-2023-059
Dec. 5, 2023, 8:06 AM
The Builder and Viewer components of the product PASvisu are based on the 3rd-party-component Electron. Electron contains several other open-source components which are affected by vulnerabilities. The vulnerabilities may enable …
VDE-2023-035
Dec. 5, 2023, 8:00 AM
Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.
VDE-2023-045
Dec. 5, 2023, 8:00 AM
An attacker with privileges can enumerate projects and usernames through an iterative process, by making a request to a specific endpoint.
VDE-2023-044
Dec. 5, 2023, 8:00 AM
The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.
VDE-2023-062
Nov. 21, 2023, 9:15 AM
A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation in JavaScript, both used in CodeMeter Runtime affecting multiple products by PHOENIX CONTACT.