Advisories | CERT@VDE

2024-03-13 09:30 VDE-2023-039

Wago: Multiple vulnerabilities in web-based management of multiple products

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning, and updates.

The option to change the configuration data via tools or the web-based-management enabled attackers to prepare cross-site-scripting attacks and under specific circumstances perform remote code execution.

CVE-2015-10123: 7.5

CVE-2018-25090: 6.1

2024-03-12 08:00 VDE-2024-011

PHOENIX CONTACT: Multiple vulnerabilities in CHARX SEC charge controllers

Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers. These vulnerabilities were discovered as part of a PWN2OWN competition initiated by Trend Micro Zero Day Initiative (ZDI).

CVE-2024-25995: 9.8

CVE-2024-26288: 8.7

CVE-2024-25999: 8.4

CVE-2024-26002: 7.8

CVE-2024-26003: 7.5

CVE-2024-26004: 7.5

CVE-2024-26001: 7.4

CVE-2024-25998: 7.3

CVE-2024-26000: 5.9

CVE-2024-25994: 5.3

CVE-2024-25997: 5.3

CVE-2024-25996: 5.3

CVE-2024-26005: 4.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (8)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (7)

HIMA (2)

ifm (1)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (26)

PHOENIX CONTACT (80)

Pilz (13)

Red Lion Europe (2)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (55)

Weidmueller (10)

Welotec (2)

Wiesemann & Theis (3)

Archive

2024

April (3)
March (2)
February (6)
January (7)

2023

December (14)
November (5)
October (5)
September (5)
August (13)
July (5)
June (3)
May (4)
April (1)
March (3)
February (3)
January (2)

2022

December (5)
November (10)
October (5)
September (7)
August (4)
July (4)
June (7)
May (3)
April (11)
March (5)
January (5)

2021

December (2)
November (6)
October (5)
September (2)
August (10)
July (3)
June (9)
May (6)
April (2)
March (3)
February (3)
January (4)

2020

December (4)
November (3)
October (6)
September (8)
August (1)
July (3)
June (4)
May (2)
March (12)
February (2)

2019

December (2)
October (3)
September (1)
June (4)
May (2)
March (6)
January (1)

2018

October (1)
September (1)
August (2)
July (3)
May (4)
March (1)
February (1)
January (2)

2017

December (2)
November (1)
September (1)
March (1)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0