Improper file permission handling allows an authenticated low-privileged user to gain root access.
A vulnerability has been found in a cryptographic library of Infineon Technologies that is part of the firmware of the CmDongles. The exploitation of this vulnerability has been classified as complex: potential attackers need physical access and require special equipment to exploit the vulnerability. In general, this vulnerability affects only ECC keys used to calculate signatures with the ECDSA algorithm.
Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS
Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS
The following firmware versions installed on several devices are affected by a vulnerability in the CODESYS Control V3 web server.
An unauthenticated attacker would be able to send crafted requests that cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. In addition, passwords are insufficiently checked during login.
All versions of the following CODESYS V2 product prior to version V2.3.9.38 are affected:
A security researcher discovered an authenticated SQL injection (requiring administration privileges) on the administration panel of the affected products, allowing access to a database. The database that can be accessed is a log database in which measurement data are stored for graphical representation.
A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered in several Pepperl+Fuchs devices.