An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system compromise.
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system compromise.
Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
Multiple vulnerabilities in the PLCnext system allowed low-privileged remote attackers to gain unauthorized access or trigger system reboots by manipulating configuration files and symbolic links. Affected services include watchdog, arp-preinit, and security-profile, potentially exposing critical system files. These issues have been resolved in firmware version 2025.0.2.
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2025.0.2
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Update Version 1.1.0: Updated the reporting credits for CVE-2025-25271.