The SIMA2 Master Station features an NTP service based on ntpd, a reference implementation of the Network Time Protocol (NTP). Affected SIMA2 Master Stations with software version < V2.6 include an outdated version of ntpd which is affected by a large number of vulnerabilities.



The machine controller of the cabinet series includes an OPC-UA server which uses a user management to authenticate clients via anonymous or user/password authentication. If user/password authentication is selected, password verification is skipped upon second login. As a result, cases occur in which users can establish communication without correct authentication. This vulnerability is not located in the OPC-UA protocol or server, but in the interface to the product's firmware.

This Security Advisory is only relevant for the following use cases:

• the user management has been activated on the machine controller (it is deactivated by default)

• the OPC-UA server is used

• data are transferred via a symbol configuration (not available by default)



Multiple versions of the Festo controller CECC-X-M1 product family are affected by a pre-authentication command injection vulnerability.

Update A, 2022-07-05

Remediation has been updated. Fixed firmware versions are now available.



A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc. For details, refer to the CVE(s).
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition of the affected products.

The indicated firmware versions are only used on products of hardware version 01.xx.xx.



ProConOS/ProConOS eCLR, designed for use in closed industrial networks, provide communication protocols without authentication.

Please also refer to the original ICS-CERT advisory ICSA-15-013-03, published 13 January 2015.



ProConOS/ProConOS eCLR insufficiently verifies uploaded data.


