A stored XXS vulnerability has been found in mbNET and mbNET/.rokey in all versions before 7.3.2.
Multiple vulnerabilities allow an attacker to read arbitrary files, inject commands and bypass authentication or access control. Furthermore, hardcoded session and encryption keys as well as a missing firmware update signature and a service running with unnecessary privileges were discovered.
Several vulnerabilities have been discovered in the LibGit2Sharp or underlying LibGit2 library.
This open-source component is widely used in a lot of products worldwide.
The product is vulnerable to remote code execution, privilege escalation and tampering.
PLCnext Engineer is using the LibGit2Sharp library to provide version control capabilities.
Two vulnerabilities have been discovered in the firmware of TC ROUTER and TC CLOUD CLIENT devices.
Update A, 2024-08-12
Forescout Research Labs, partnering with JSOF Research, disclosed NAME:WRECK, a set of Domain Name System (DNS) vulnerabilities that have the potential to cause either Denial of Service (DoS) or Remote Code Execution, allowing attackers to take targeted devices offline or to gain control over them. The vulnerability could be exploited by an attacker on the same network or on a remote network by spoofing packets.
A reflected cross-site scripting vulnerability exists in the System Diagnostics Manager (SDM) component of SIMA² Master Stations.
The CODESYS Control V3 runtime system does not restrict the memory accesses of the PLC application code to the PLC application data and does not sufficiently check the integrity of the application code by default. This could be exploited by authenticated PLC programmers.
The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.