Frauscher: Multiple Vulnerabilities in FDS101

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are prone to multiple vulnerabilities which could lead to a full compromise of the FDS101 device.



A vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products.

Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability.

Update A, 2023-11-13

Removed CVE-2023-4701 because it was revoked.



The TRUMPF CAD/CAM software tools mentioned above use the vulnerable CodeMeter Runtime (up to version 7.60b) application from WIBU-SYSTEMS AG to manage licenses within the component TRUMPF License Expert. This CodeMeter application contains new vulnerabilities, which may enable an attacker to gain full access to the server or workstation on which the TRUMPF License Expert is installed. A new version of the TRUMPF License Expert which fixes this vulnerability is available.
Machines with a running and correctly installed mGuard hardware firewall cannot be exploited through this vulnerability if used as intended (according to the manual).

Update A, 2023-11-13

Removed CVE-2023-4701 because it was revoked.



Incomplete user documentation of an undocumented, authenticated test mode and further remotely accessible functions. The supported features may be covered only partly by the corresponding user documentation.

Festo developed the products according to the respective state of the art. As a result, the protocols used no longer fully meet today's security requirements. The products are designed and developed for use in sealed-off (industrial) networks. If the network is not adequately sealed off, unauthorized access to the product can cause damage or malfunctions, particularly Denial of Service (DoS) or loss of integrity.



A vulnerability in the Video.js package could allow a user of LX Appliance, with a high privilege account (i.e., with the "Teacher" role), to craft a malicious course and launch an XSS attack.



A stored XSS vulnerability has been found in REX 200 and REX 250 in all versions before 7.3.2.



A stored XSS vulnerability has been found in mbNET and mbNET/.rokey in all versions before 7.3.2.



Multiple vulnerabilities allow an attacker to read arbitrary files, inject commands and bypass authentication or access control. Furthermore, hardcoded session and encryption keys as well as a missing firmware update signature and a service running with unnecessary privileges were discovered.



Legend

(Scoring for CVSS 2.0, 3.0 + 3.1)
None: No CVE available
Low: 0.1 to 3.9
Medium: 4.0 to 6.9
High: 7.0 to 8.9
Critical: 9.0 to 10.0