Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability

Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication.


CVE-2023-2880: 7.5

WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service

An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing.


CVE-2023-1619: 4.9
CVE-2023-1620: 4.9

WAGO: Series 750-3x/-8x prone to MODBUS server DoS

An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.


CVE-2023-1150: 7.5

PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities

The FL MGUARD family of devices is affected by two vulnerabilities.


CVE-2022-4304: 5.9
CVE-2023-2673: 5.8

Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual

Two vulnerabilites have been discovered in myREX24 and myREX24.virtual in all versions through 2.13.3.


CVE-2023-0985: 8.8
CVE-2023-1779: 4.3

MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24

Two vulnerabilites have been discovered in mbCONNECT24 and mbCONNECT24 in all versions through 2.13.3.


CVE-2023-0985: 8.8
CVE-2023-1779: 4.3

WAGO: Unauthenticated command execution via Web-based-management UPDATE A

The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.

UPDATE A 15.06.2023 :

  • Removed PFC100 with FW23 as affected product and from solution
  • PFC200 with FW23 is only affected on 750-821x/xxx-xxx
  • Renamed "FW22 Patch 1" to "FW22 SP1" to match the versions of the download portal


CVE-2023-1698: 9.8

ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000


CVE-2015-8876: 9.8
CVE-2015-6835: 9.8
CVE-2015-4602: 9.8
CVE-2016-7411: 9.8
CVE-2016-7124: 9.8
CVE-2016-9138: 9.8
CVE-2017-12933: 9.8
CVE-2017-8923: 9.8
CVE-2017-11142: 7.5
CVE-2014-8142: 7.5
CVE-2015-2787: 7.5
CVE-2014-3669: 7.5
CVE-2015-0231: 7.5
CVE-2015-3415: 7.5
CVE-2015-3414: 7.5
CVE-2016-10161: 7.5
CVE-2014-9425: 7.5
CVE-2015-2348: 5.0

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0