Advisories | CERT@VDE

2024-11-27 10:00 VDE-2024-074

SMA: SQL injection in Sunny Central UP

A security researcher discovered that in the affected products an authenticated (administration privileges) SQL injection has been found on the administration panel allowing access to a database. The database that can be accessed is a log database in which measurement data are stored for a graphical representation.

CVE-2024-11025: 5.4

2024-11-26 11:00 VDE-2024-065

PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key

A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered in several Pepperl+Fuchs devices.

CVE-2024-8105: 6.4

2024-11-18 12:00 VDE-2024-047

WAGO: Multiple vulnerabilities in docker configuration

Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices.

CVE-2024-41969: 8.8

CVE-2024-41973: 8.1

CVE-2024-41967: 8.1

CVE-2024-41971: 8.1

CVE-2024-41974: 7.1

CVE-2024-41972: 6.5

CVE-2024-41970: 5.7

CVE-2024-41968: 5.4

Feeds

RSS / Atom

Nach Hersteller

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (14)

Bender (2)

CODESYS (14)

Endress+Hauser (12)

Festo (12)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (11)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (11)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (31)

PHOENIX CONTACT (91)

Pilz (13)

Red Lion Europe (4)

SMA (3)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (61)

Weidmueller (10)

Welotec (3)

Wiesemann & Theis (3)

Archiv

2025

Februar (2)
Januar (5)

2024

Dezember (4)
November (3)
Oktober (8)
September (8)
August (9)
Juli (7)
Juni (4)
Mai (4)
April (3)
März (2)
Februar (6)
Januar (7)

2023

Dezember (14)
November (5)
Oktober (5)
September (5)
August (13)
Juli (5)
Juni (3)
Mai (4)
April (1)
März (3)
Februar (3)
Januar (2)

2022

Dezember (5)
November (10)
Oktober (5)
September (7)
August (4)
Juli (4)
Juni (7)
Mai (3)
April (11)
März (5)
Januar (5)

2021

Dezember (2)
November (6)
Oktober (5)
September (2)
August (10)
Juli (3)
Juni (9)
Mai (6)
April (2)
März (3)
Februar (3)
Januar (4)

2020

Dezember (4)
November (3)
Oktober (6)
September (8)
August (1)
Juli (3)
Juni (4)
Mai (2)
März (12)
Februar (2)

2019

Dezember (2)
Oktober (3)
September (1)
Juni (4)
Mai (2)
März (6)
Januar (1)

2018

Oktober (1)
September (1)
August (2)
Juli (3)
Mai (4)
März (1)
Februar (1)
Januar (2)

2017

Dezember (2)
November (1)
September (1)
März (1)

Legende

(Scoring für CVSS 2.0,3.0+3.1)

keine

Kein CVE verfügbar

Niedrig

0.1 <= 3.9

Mittel

4.0 <= 6.9

Hoch

7.0 <= 8.9

Kritisch

9.0 <= 10.0