A security researcher discovered a Cross Site Request Forgery (CSRF, XSRF) vulnerability in SMA Cluster Controller. The affected products are out of support (End-of-Life 2018-06-30).
A security researcher discovered that in the affected products a clickjacking vulnerability in the web frontend exists. An attacker could lure the user to click on a malicious website which seems to be the WebUI of the affected product. The affected products are out of support (End-of-Life 2015-12-31).
The CODESYS Key USB dongle, which is based on WIBU CodeMeter technology, is affected by a physical side-channel vulnerability.
Improper file permission handling allows an authenticated low privileged user to gain root access.
A vulnerability has been found in a cryptographic library of Infineon Technologies that is part of the firmware of the CmDongles. The exploitation of this vulnerability has been classified as complex: potential attackers need physical access and require special equipment to exploit the vulnerability. In general, this vulnerability affects only ECC keys used to calculate signatures with the ECDSA algorithm.