Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2025-077
Sept. 9, 2025, 12:00 nachm.

Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices

The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.
CVE-2025-48060
CVE-2024-23337
VDE-2025-064
Sept. 9, 2025, 9:00 vorm.

Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation

A local privilege escalation vulnerability in Phoenix Contact products utilizing WIBU-SYSTEMS CodeMeter Runtime allows users to gain admin rights on freshly installed systems. The CodeMeter Control Center starts with elevated …
CVE-2025-47809
VDE-2025-063
Aug. 12, 2025, 12:00 nachm.

Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation

A privilege escalation vulnerability exists in Phoenix Contact Device and Update Management prior to version 2025.3.1 due to misconfigured permissions on nssm.exe in the DAUM-WINDOWS-SERVICE. This misconfiguration allows a low-privileged …
CVE-2025-41686
VDE-2025-053
Juli 8, 2025, 12:00 nachm.

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2025.0.2
CVE-2024-12084
CVE-2024-10918
CVE-2024-52533
CVE-2025-0665
CVE-2024-38428
CVE-2024-5594
CVE-2024-5535
CVE-2024-6345
CVE-2025-24965
CVE-2024-9341
CVE-2018-1000035
CVE-2024-9287
CVE-2018-20969
CVE-2018-1000156
CVE-2019-13638
CVE-2024-12085
CVE-2024-6232
CVE-2018-6952
CVE-2018-6951
CVE-2024-6119
CVE-2024-25062
CVE-2025-27113
CVE-2024-8176
CVE-2024-12705
CVE-2025-26465
CVE-2024-10524
CVE-2024-12088
CVE-2024-12087
CVE-2024-9681
CVE-2024-12086
CVE-2019-13636
CVE-2025-26466
CVE-2024-50602
CVE-2024-12747
CVE-2018-18384
CVE-2022-0529
CVE-2022-0530
CVE-2019-20633
CVE-2024-0684
CVE-2023-27043
CVE-2024-12133
CVE-2020-16120
CVE-2024-5742
CVE-2024-8006
CVE-2023-7256
CVE-2024-28882
CVE-2024-9143
CVE-2016-9844
CVE-2024-11053
CVE-2025-0167
CVE-2019-13232
CVE-2021-4217
CVE-2015-7697
CVE-2015-7696
VDE-2025-014
Juli 8, 2025, 12:00 nachm.

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
CVE-2025-24003
CVE-2025-24006
CVE-2025-24005
CVE-2025-24002
CVE-2025-24004
VDE-2025-019
Juli 22, 2025, 10:00 vorm.

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered. **Update Version 1.1.0:** Updated the reporting credits for CVE-2025-25271.
CVE-2025-25270
CVE-2025-25271
CVE-2025-25268
CVE-2025-25269
VDE-2025-054
Juli 8, 2025, 12:00 nachm.

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple vulnerabilities in the PLCnext system allowed low-privileged remote attackers to gain unauthorized access or trigger system reboots by manipulating configuration files and symbolic links. Affected services include watchdog, arp-preinit, …
CVE-2025-41668
CVE-2025-41667
CVE-2025-41666
CVE-2025-41665
VDE-2025-029
Mai 14, 2025, 2:28 nachm.

Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers

A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.
CVE-2025-2813