Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products

A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products.

TP 260 before June 2023 and MES PC based on DELL XE3 contain a vulnerable versions of TIA Portal V15 to V18.

Affected products of TIA Portal contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system.


CVE-2023-26293: 7.8

WAGO: Multiple products vulnerable to local file inclusion

An attacker with administrative privileges which can access sensitive files can additionally access them in an unintended, undocumented way.

UPDATE 07.05.2025: The fixed versions have been updated, because the previously mentioned versions are still vulnerable to this issue. More details have been added to the hardware devices. More affected version numbers were added to the firmwares.


CVE-2023-4089: 2.7

Helmholz: Vulnerability allows access to non-critical information in myREX24 and myREX24.virtual


CVE-2023-4834: 4.3

Red Lion Europe: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24


CVE-2023-4834: 4.3

Pilz : WIBU Vulnerabilitiy in multiple Products (Update A)

Several Pilz products use the 3rd party component "CodeMeter Runtime" from WIBU-SYSTEM AG to manage software licenses. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.

Update A, 2023-12-05

  • changed affected version of "Software PASvisu < 1.15.0" to "Software PASvisu < 1.14.1"
  • removed CVE-2023-4701 because it was revoked.


CVE-2023-3935: 9.8

Wago: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT and WAGO-I/O-Pro (UPDATE B)

UPDATE A 26.09.2023:
Changed affected Version of e!Cockpit from < 1.11.2.0 to <= 1.11.2.0

Vulnerabilities are reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) installation bundles are affected with vulnerable versions of WIBU-SYSTEMS Codemeter.

UPDATE B 20.11.2023:
Removed CVE-2023-4701 because it was revoked.


CVE-2023-3935: 9.8

Frauscher: Multiple Vulnerabilities in FDS101

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are prone to multiple vulnerabilities which could lead up to a full compromise of the FDS101 device.


CVE-2023-4291: 9.8
CVE-2023-4152: 7.5
CVE-2023-4292: 5.3

PHOENIX CONTACT: Multiple products affected by WIBU Codemeter Vulnerability (Update A)

A Vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products.

Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability.

Update A, 2023-11-13

Removed CVE-2023-4701 because it was revoked.


CVE-2023-3935: 9.8

Feeds

Nach Hersteller

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0