The Lenze VPN client is vulnerable to a Local Privilege Escalation to root/SYSTEM by executing a configuration file which can be controlled by a non-privileged user. This occurs through a race condition exploit, where an attacker can overwrite the temporary OpenVPN configuration file located in a world-writable directory. By injecting malicious commands into the configuration file prior to its execution by the VPN client, an attacker can trigger arbitrary code execution with root/system privileges when a VPN connection is initiated. The vulnerability has been remediated in the version 1.4.4 of the Lenze VPN client. Due to some further developments and completion of the functional scope, it is recommended to update the firmware of the x500 IoT Gateway devices immediately, regardless of the current security vulnerability in the VPN client.
Weidmueller industrial ethernet switches are affected by multiple vulnerabilities.
Weidmueller has released new firmwares of the affected products to fix the vulnerabilities.
A stored cross-site scripting vulnerability has been discovered in the profinet gateway LB8122A.1.EL. An attacker can write an HTML tag with up to 32 characters in the message field of a HART transmitter. The HTML tag is interpreted as HTML when the HART information is displayed in a webbrowser. If the HTML tag contains a link to a manipulated page, a user can be tricked into accessing this page. Furthermore, an attacker can access information about running processes via the SNMP protocol. Sending such SNMP read commands can also trigger a reboot.
Weidmueller product ResMa is affected by ASP.NET AJAX vulnerability.
Weidmueller has released a new firmware for the affected product to fix the vulnerability.
A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.
Multiple W&T devices are shipped with a jQuery version with a known XSS vulnerability.
A security researcher discovered a privilege escalation vulnerability in the demo system area of the SMA Classic Portal, www.sunnyportal.com. Only systems of other users have been affected who unintendedly and illicitly had added their non-demo systems to the demo system area.
Sending too much data in the service telegram of AUMA actuators leads to a buffer overflow in the actuator controls. Depending on the actuator, the service telegram is transmitted either via Bluetooth or RS232