The MAC address filter, which is part of the firewall, has a flaw that prevents it from being active after a restart. As a result, a remote attacker is able to circumvent MAC address filtering after a reboot of the device.



UPDATE A: Solution has updated release dates
UPDATE B: Solution has updated release dates

This Advisory is published with reference to:

  • CODESYS Advisory 2022-11 (Security update for CODESYS Control V2)
  • CODESYS Advisory 2022-12 (Security update for CODESYS V2 password transport)
  • CODESYS Advisory 2022-13 (Security update for CODESYS Gateway V2)



TRUMPF TruTops prone to improper access control

During the installation of specific TRUMPF Windows applications, privileged local users with default usernames and passwords are created. An adversary could use these users to access and compromise the affected Windows systems and, under certain circumstances, other network resources.



WAGO: FTP-Server - Denial-of-Service

The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
See also: Siemens Advisory published October 11th, 2022 - SSA-313313



UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022)

Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements.

PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.




Legend (scoring for CVSS 2.0, 3.0 and 3.1)

  • None: no CVE available
  • Low: 0.1 to 3.9
  • Medium: 4.0 to 6.9
  • High: 7.0 to 8.9
  • Critical: 9.0 to 10.0