UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022)

Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements.

PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.



The UWP 3.0 family of Monitoring Gateways and Controllers and the CPY Car Park Server are affected by multiple vulnerabilities in their set-up software, runtime firmware, embedded Web interface.



UPDATE A (19.10.2022): Added Control block-Set CPX-CEC-C1 and Control block-SET
CPX-CMXX to affected products.

Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service of the device.



An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.



An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.



Two issues have been discovered in mymbCONNECT24 and mbCONNECT24 in all versions
including V2.8.0.

Update A, 2022-09-07:

  • Updated affected versions (and solution) due to incomplete fixes in previous versions

Update 1.2.0, 2025-06-06:

  • Fixed CVE-IDs in Solution/Remidiation



Multiple vulnerabilities have been found in mymbCONNECT24 and mbCONNECT24.

Update A, 2022-09-07:

  • Affected Products: updated affected versions due to incomplete fixes of some CVEs. See Solution for details.
  • Solution: updated version information.
  • Solution: Added Fix for CVE-2020-35561.
  • Solution: Added MFA remark for CVE-2020-35565.



Feeds

Nach Hersteller

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0