Advisories | CERT@VDE

1
2 (current)
3
4

2021-08-16 14:01 VDE-2021-028

Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities

Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.

For more information see advisory by Digi International Inc.:
Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International

weiter ...

CVE-2020-11896: 10.0

CVE-2020-11897: 10.0

CVE-2020-11898: 9.1

CVE-2020-11901: 9.0

CVE-2020-11900: 8.2

CVE-2020-11902: 7.3

CVE-2020-11904: 7.3

CVE-2020-11905: 6.5

CVE-2020-11903: 6.5

CVE-2020-11906: 6.3

CVE-2020-11907: 6.3

CVE-2020-11899: 5.4

CVE-2020-11910: 5.3

CVE-2020-11909: 5.3

CVE-2020-11912: 5.3

CVE-2020-11913: 5.3

CVE-2020-11911: 5.3

CVE-2020-11908: 4.3

CVE-2020-11914: 4.3

2021-08-16 14:00 VDE-2021-027

Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.

The impact of the vulnerabilities on the affected device may result in

denial of service
remote code execution
code exposure

weiter ...

CVE-2021-34565: 9.8

CVE-2021-34561: 8.8

CVE-2016-10707: 7.5

CVE-2021-33555: 7.5

CVE-2019-11358: 6.1

CVE-2014-6071: 6.1

CVE-2012-6708: 6.1

CVE-2015-9251: 6.1

CVE-2021-34562: 6.1

CVE-2020-11023: 6.1

CVE-2020-11022: 6.1

CVE-2020-7656: 6.1

CVE-2021-34560: 5.5

CVE-2021-34564: 5.5

CVE-2021-34559: 5.3

CVE-2007-2379: 5.0

CVE-2011-4969: 4.3

CVE-2021-34563: 3.3

CVE-2013-0169: 2.6

2021-07-30 09:55 VDE-2021-034

Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

See details on Microsoft Advisory CVE-2021-34527 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527)

weiter ...

CVE-2021-34527: 8.8

2021-05-12 10:57 VDE-2021-018

Pepperl+Fuchs: Multiple vulnerabilites in ICE1 Ethernet IO Modules

Critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerabilities on the affected device is that it can result in:

Denial of Service (DoS)
Remote Code Execution (RCE)
Code Exposure

Note

ICE1-8IOL-S2-G60L-V1D (70103603) is not affected by CVE-2021-20986

weiter ...

CVE-2021-20987: 8.6

CVE-2021-20988: 7.5

CVE-2021-20986: 7.5

CVE-2019-18222: 4.7

2021-03-08 14:44 VDE-2020-053

Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities

Several critical vulnerabilities within firmware.

weiter ...

CVE-2020-12504: 9.8

CVE-2020-12502: 8.8

CVE-2020-12503: 7.2

2021-02-16 15:53 VDE-2021-007

Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device is that it can

denial of service
remote code execution
code exposure

For more information see advisory by Hilscher:
https://kb.hilscher.com/pages/viewpage.action?pageId=108969480

weiter ...

CVE-2021-20987: 8.6

2021-02-16 15:53 VDE-2021-006

Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device is that it can