Advisories | CERT@VDE

2024-06-11 08:00 VDE-2024-029

Phoenix Contact: Unbounded growth of OpenSSL session cache in multiple FL MGUARD devices

The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.

CVE-2024-2511: 7.5

2024-06-04 08:00 VDE-2024-027

CODESYS: Vulnerability in multiple products through exposure of resource to wrong sphere

All legitimate local Microsoft Windows users can read or modify files that are located in the working directory of the affected CODESYS products, even if they are executed under a different user or in the system context.

CVE-2023-5751: 7.8

2024-06-04 08:00 VDE-2024-026

CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products

The CODESYS OPC UA stack of the CODESYS Control runtime system may incorrectly calculate the required buffer size for received requests/responses. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.

Update: 10.07.2024 In the Remediation section, the release date of the update has been deleted as the update is now available.

CVE-2024-5000: 7.5

2024-06-03 08:00 VDE-2024-028

ifm: moneo password reset can be exploited

moneo "Forgot Password" function has a vulnerability which allows gaining privileged access.

CVE-2024-5404: 9.8

Feeds

RSS / Atom

Nach Hersteller

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (13)

Bender (2)

CODESYS (12)

Endress+Hauser (11)

Festo (11)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (9)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (29)

PHOENIX CONTACT (86)

Pilz (13)

Red Lion Europe (4)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (57)

Weidmueller (10)

Welotec (3)

Wiesemann & Theis (3)

Archiv

2024

September (7)
August (9)
Juli (7)
Juni (4)
Mai (4)
April (3)
März (2)
Februar (6)
Januar (7)

2023

Dezember (14)
November (5)
Oktober (5)
September (5)
August (13)
Juli (5)
Juni (3)
Mai (4)
April (1)
März (3)
Februar (3)
Januar (2)

2022

Dezember (5)
November (10)
Oktober (5)
September (7)
August (4)
Juli (4)
Juni (7)
Mai (3)
April (11)
März (5)
Januar (5)

2021

Dezember (2)
November (6)
Oktober (5)
September (2)
August (10)
Juli (3)
Juni (9)
Mai (6)
April (2)
März (3)
Februar (3)
Januar (4)

2020

Dezember (4)
November (3)
Oktober (6)
September (8)
August (1)
Juli (3)
Juni (4)
Mai (2)
März (12)
Februar (2)

2019

Dezember (2)
Oktober (3)
September (1)
Juni (4)
Mai (2)
März (6)
Januar (1)

2018

Oktober (1)
September (1)
August (2)
Juli (3)
Mai (4)
März (1)
Februar (1)
Januar (2)

2017

Dezember (2)
November (1)
September (1)
März (1)

Legende

(Scoring für CVSS 2.0,3.0+3.1)

keine

Kein CVE verfügbar

Niedrig

0.1 <= 3.9

Mittel

4.0 <= 6.9

Hoch

7.0 <= 8.9

Kritisch

9.0 <= 10.0