The affected devices run an SSH server that is affected by the regreSSHion vulnerability, even though no user can actually log in through SSH. Attackers may exploit this vulnerability to gain root access to the device.
Vulnerabilities in the .NET and Visual Studio functions System.Text.Json, System.Formats.Asn1 and OPCFoundation.NetStandard.Opc.Ua.Core allow a remote attacker to execute a Denial-of-Service attack.
The CODESYS web server component of the CODESYS Control runtime system is used by the CODESYS WebVisu to display visualization screens in a web browser. Receiving a specially crafted TLS packet on an HTTPS connection causes the CODESYS web server to crash because the return value of an underlying function is not checked correctly for such unusual conditions.
The OSCAT Basic library is one of several libraries developed and provided by OSCAT. OSCAT (oscat.de) stands for "Open Source Community for Automation Technology".
The OSCAT Basic library offers function blocks for various tasks, e.g. for buffer management, list processing, control technology, mathematics, string processing, time and date conversion. By adding the OSCAT Basic library into IEC 61131-3-compliant programming tools, PLC programmers can use all the functions provided by the library in their control programs.
Within the library, the MONTH_TO_STRING function is affected by an out-of-bounds read vulnerability. Exploitation of the vulnerability may lead to limited access to internal data or possibly to a crash of the PLC.
Echo Curve Viewer is a utility used for offline visualization of previously recorded envelope curve data. Envelope curve records are exported from other Endress+Hauser software products like FieldCare as .curves files.
Echo Curve Viewer opens .curves files and displays their contents. The .curves files contain device-specific C# calculation scripts as .cs files that are needed for the interpretation of certain curve record types.
Echo Curve Viewer loads .curves files and executes the contained C# code.
Confidential data in the HTTP query string of user requests. Incomplete sanitization of user input in the administrative web interface.
CVE-2024-43392 only affects devices with firmware < 8.9.3.
mGuards use an OpenSSH server for SSH access. This server is vulnerable to a remote code injection.
The pathfinder TCP encapsulation service is vulnerable to a drain of open file descriptors.