The pathfinder TCP encapsulation service is vulnerable to a drain of open file descriptors.
Confidential data in HTTP query string of user requests. Incomplete sanitation of user input in administrative web interface.
CVE-2024-43392 only affects devices with firmware < 8.9.3.
mGuards use an OpenSSH server for SSH access. This server is vulnerable to a remote code injection.
Start sequence for firewall service allows attack during the boot process. Password is reset to default when the device undergoes a firmware upgrade.
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers.
Update: credis have been updated
Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers. These vulnerabilities were discovered as part of a PWN2OWN competition initiated by Trend Micro Zero Day Initiative (ZDI).
Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial networks. The controllers don’t feature a function to check integrity and authenticity of the application (e.g.: logic files, executable logic, configurations).
A CRC Check warning the user if the application of the Engineering tool and the PLC differs can be manipulated.