
A privilege escalation vulnerability has been identified in Endress+Hauser's Proline 10 devices. This flaw allows an authenticated user with Operator-level access to elevate their privileges and gain Maintenance-level access, potentially enabling unauthorized configuration changes.

Endress+Hauser has released a security update addressing this issue.



Several vulnerabilities have been identified in the web-based management of WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the solutions by Endress+Hauser. Additionally, a guideline on secure operation of these solutions has been made available.



Echo Curve Viewer is a utility used for offline visualization of previously recorded envelope curve data. Envelope curve records are exported from other Endress+Hauser software products like FieldCare as .curves files.

Echo Curve Viewer opens .curves files and displays their contents. The .curves files contain device-specific C# calculation scripts as .cs files that are needed for the interpretation of certain curve record types.

Echo Curve Viewer loads .curves files and executes the contained C# code. 



Possible memory corruption in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service.



Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.



Promass 83 devices utilizing 499ES EtherNet/IP (ENIP) Stack by Real Time Automation (RTA) are vulnerable to a stack-based buffer overflow.

Update A, 2021-10-07:

  • added credits
  • changed title from "ENDRESS+HAUSER: Promass 83 with Ether/IP affected by DoS vulnerability" to "ENDRESS+HAUSER: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow"

 


