Multiple WAGO product families are prone to multiple vulnerabilities affecting the CODESYS control runtime system.



CVE-2019-9011: n/a
CVE-2020-12067: n/a
CVE-2020-12069: n/a

A number of TRUMPF software tools use the OPC UA server from the C++-based OPC UA SDK by Unified Automation. The application contains several vulnerabilities that enable an attacker to send malicious data to the application, resulting in a denial of service.



The SIMA2 Master Station features an NTP service based on ntpd, a reference implementation of the Network Time Protocol (NTP). Affected SIMA2 Master Stations with software version < V2.6 include an outdated version of ntpd which is affected by a large number of vulnerabilities.



The machine controller of the cabinet series includes an OPC-UA server which uses user management to authenticate clients via anonymous or user/password authentication. If user/password authentication is selected, password verification is skipped upon second login. As a result, cases occur in which users can establish communication without correct authentication. This vulnerability is not located in the OPC-UA protocol or server, but in the interface to the product's firmware.

This Security Advisory is only relevant for the following use cases:

• the user management has been activated on the machine controller (it is deactivated by default)

• the OPC-UA server is used

• data are transferred via a symbol configuration (not available by default)



The Festo controller CECC-X-M1 product family is affected in multiple versions by a pre-authentication command injection vulnerability.

Update A, 2022-07-05

Remediation has been updated. Fixed firmware versions are now available.


