VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and thus potentially exploitable.



Multiple vulnerabilities have been discovered in CODESYS Control V3 runtime system.
For details regarding the single vulnerabilities please refer to the security advisories issued by CODESYS:

  • CODESYS Security Advisory 2022-02
  • CODESYS Security Advisory 2022-04
  • CODESYS Security Advisory 2022-06
  • CODESYS Security Advisory 2022-09



Two Vulnerabilities have been discovered in TC ROUTER 4000 series and CLOUD CLIENT 2000 series up to firmware version 4.5.7x.107.

The web administration interface is vulnerable for authenticated admin users to path traversals, which could lead to arbitrary file uploads or deletion. Unvalidated user input also enables execution of OS commands.



Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0