VDE-2018-004
Mai 14, 2025, 2:28 nachm.
An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are …
VDE-2019-016
Mai 14, 2025, 2:28 nachm.
Manipulated PC Worx or Config+ projects could lead to a remote code execution due to insufficient input data validation. The attacker needs to get access to an original PC Worx …
VDE-2021-029
Mai 14, 2025, 2:28 nachm.
A device on the same network as the controller sending a special crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20). UPDATE A The CVSS …
VDE-2019-014
Mai 14, 2025, 2:28 nachm.
A manipulated PC Worx or Config+ project file could lead to a remote code execution.\ The attacker needs to get access to an original PC Worx or Config+ project file …
VDE-2024-029
Juni 11, 2024, 8:00 vorm.
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
VDE-2024-019
Mai 14, 2024, 8:00 vorm.
Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers. Update: credis have been updated
VDE-2024-011
März 12, 2024, 8:00 vorm.
Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers. These vulnerabilities were discovered as part of a PWN2OWN competition initiated by Trend Micro Zero Day Initiative …
VDE-2023-055
Dez. 12, 2023, 8:00 vorm.
Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial networks. The controllers don't feature a function to check integrity and authenticity of the …