PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware (Update A)

UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022)

Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements.

PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.


CVE-2022-32207: 9.8
CVE-2022-0547: 9.8
CVE-2022-25235: 9.8
CVE-2022-25236: 9.8
CVE-2022-25315: 9.8
CVE-2022-2207: 9.8
CVE-2022-28391: 8.8
CVE-2022-0729: 8.8
CVE-2022-24407: 8.8
CVE-2022-27778: 8.1
CVE-2022-22576: 8.1
CVE-2022-1769: 7.8
CVE-2022-1785: 7.8
CVE-2022-2257: 7.8
CVE-2022-1886: 7.8
CVE-2022-1851: 7.8
CVE-2022-1898: 7.8
CVE-2022-1720: 7.8
CVE-2022-2206: 7.8
CVE-2022-0572: 7.8
CVE-2022-2210: 7.8
CVE-2022-2344: 7.8
CVE-2022-2345: 7.8
CVE-2022-1733: 7.8
CVE-2022-1796: 7.8
CVE-2022-1621: 7.8
CVE-2022-1616: 7.8
CVE-2022-1619: 7.8
CVE-2022-1629: 7.8
CVE-2022-1735: 7.8
CVE-2022-0943: 7.8
CVE-2022-1160: 7.8
CVE-2022-2284: 7.8
CVE-2022-0685: 7.8
CVE-2022-2285: 7.8
CVE-2022-0361: 7.8
CVE-2022-0368: 7.8
CVE-2021-3973: 7.8
CVE-2022-1927: 7.8
CVE-2022-1942: 7.8
CVE-2022-2129: 7.8
CVE-2022-2175: 7.8
CVE-2022-2182: 7.8
CVE-2022-2183: 7.8
CVE-2022-2343: 7.8
CVE-2022-2264: 7.8
CVE-2022-2288: 7.8
CVE-2022-1381: 7.8
CVE-2022-2289: 7.8
CVE-2022-2286: 7.8
CVE-2022-1154: 7.8
CVE-2022-23308: 7.5
CVE-2022-29864: 7.5
CVE-2019-19906: 7.5
CVE-2022-27782: 7.5
CVE-2022-25314: 7.5
CVE-2018-25032: 7.5
CVE-2022-29862: 7.5
CVE-2022-27780: 7.5
CVE-2022-27781: 7.5
CVE-2022-27775: 7.5
CVE-2022-1620: 7.5
CVE-2022-0778: 7.5
CVE-2021-3796: 7.3
CVE-2022-2287: 7.1
CVE-2021-4166: 7.1
CVE-2022-29824: 6.5
CVE-2022-25313: 6.5
CVE-2021-45117: 6.5
CVE-2022-27776: 6.5
CVE-2022-32206: 6.5
CVE-2022-32208: 5.9
CVE-2022-27774: 5.7
CVE-2022-0714: 5.5
CVE-2022-0696: 5.5
CVE-2022-2231: 5.5
CVE-2022-2208: 5.5
CVE-2022-1771: 5.5
CVE-2022-1674: 5.5
CVE-2022-1420: 5.5
CVE-2022-27779: 5.3
CVE-2022-30115: 4.3
CVE-2022-32205: 4.3

Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0

The UWP 3.0 family of Monitoring Gateways and Controllers and the CPY Car Park Server are affected by multiple vulnerabilities in their set-up software, runtime firmware, embedded Web interface.


CVE-2022-22522: 9.8
CVE-2022-22526: 9.8
CVE-2022-28811: 9.8
CVE-2022-28812: 9.8
CVE-2022-28814: 9.8
CVE-2022-22524: 9.4
CVE-2022-22523: 7.5
CVE-2022-28813: 7.5
CVE-2022-22525: 7.2
CVE-2022-28816: 6.1
CVE-2022-28815: 2.7

Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function UPDATE A

UPDATE A (19.10.2022): Added Control block-Set CPX-CEC-C1 and Control block-SET
CPX-CMXX to affected products.

Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service of the device.


CVE-2022-3079: 7.5

Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual

Multiple vulnerabilities have been found in myREX24 and myREX24.virtual. 


CVE-2020-35565: 9.8
CVE-2020-10384: 7.8
CVE-2020-35567: 7.8
CVE-2020-12528: 7.7
CVE-2020-35564: 7.5
CVE-2020-35558: 7.5
CVE-2021-34575: 7.5
CVE-2020-35557: 6.5
CVE-2020-12530: 6.1
CVE-2020-35569: 6.1
CVE-2020-35560: 6.1
CVE-2020-35563: 5.4
CVE-2020-35561: 5.3
CVE-2020-35566: 5.3
CVE-2020-12529: 5.3
CVE-2020-35570: 5.3
CVE-2020-35568: 4.3
CVE-2020-12527: 4.3
CVE-2021-34574: 4.3
CVE-2020-35559: 4.3

Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual

An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.


CVE-2022-22520: 5.3

MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24

An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.


CVE-2022-22520: 5.3

MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update 1.2.0)

Two issues have been discovered in mymbCONNECT24 and mbCONNECT24 in all versions
including V2.8.0.

Update A, 2022-09-07:

  • Updated affected versions (and solution) due to incomplete fixes in previous versions

Update 1.2.0, 2025-06-06:

  • Fixed CVE-IDs in Solution/Remidiation


CVE-2021-34575: 7.5
CVE-2021-34574: 4.3

MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A)

Multiple vulnerabilities have been found in mymbCONNECT24 and mbCONNECT24.

Update A, 2022-09-07:

  • Affected Products: updated affected versions due to incomplete fixes of some CVEs. See Solution for details.
  • Solution: updated version information.
  • Solution: Added Fix for CVE-2020-35561.
  • Solution: Added MFA remark for CVE-2020-35565.


CVE-2020-35565: 9.8
CVE-2020-10384: 7.8
CVE-2020-35567: 7.8
CVE-2020-12528: 7.7
CVE-2020-35558: 7.5
CVE-2020-35564: 7.5
CVE-2020-35557: 6.5
CVE-2020-12530: 6.1
CVE-2020-35569: 6.1
CVE-2020-35560: 6.1
CVE-2020-35563: 5.4
CVE-2020-35570: 5.3
CVE-2020-35561: 5.3
CVE-2020-12529: 5.3
CVE-2020-35566: 5.3
CVE-2020-12527: 4.3
CVE-2020-35568: 4.3
CVE-2020-35559: 4.3

Feeds

Nach Hersteller

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0