A privilege escalation vulnerability exists in Phoenix Contact Device and Update Management prior to version 2025.3.1 due to misconfigured permissions on nssm.exe in the DAUM-WINDOWS-SERVICE. This misconfiguration allows a low-privileged local user to execute arbitrary code with administrative privileges.
Multiple vulnerabilities in the PLCnext system allowed low-privileged remote attackers to gain unauthorized access or trigger system reboots by manipulating configuration files and symbolic links. Affected services include watchdog, arp-preinit, and security-profile, potentially exposing critical system files. These issues have been resolved in firmware version 2025.0.2.
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Update Version 1.1.0: Updated the reporting credits for CVE-2025-25271.
Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2025.0.2
A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.
A vulnerability has been found in a cryptographic library of Infineon Technologies that is part of the firmware of the CmDongles. The exploitation of this vulnerability has been classified as complex: potential attackers need physical access and require special equipment to exploit the vulnerability. In general, this vulnerability affects only ECC keys used to calculate signatures with the ECDSA algorithm.
Improper file permission handling allows an authenticated low-privileged user to gain root access.