Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple vulnerabilities in the PLCnext system allowed low-privileged remote attackers to gain unauthorized access or trigger system reboots by manipulating configuration files and symbolic links. Affected services include watchdog, arp-preinit, and security-profile, potentially exposing critical system files. These issues have been resolved in firmware version 2025.0.2.


CVE-2025-41666: 8.8
CVE-2025-41667: 8.8
CVE-2025-41668: 8.8
CVE-2025-41665: 6.5

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.


CVE-2025-24003: 8.2
CVE-2025-24005: 7.8
CVE-2025-24006: 7.8
CVE-2025-24002: 5.3
CVE-2025-24004: 5.2

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.


CVE-2025-25270: 9.8
CVE-2025-25268: 8.8
CVE-2025-25271: 8.8
CVE-2025-25269: 8.4

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2025.0.2


CVE-2024-12084: 9.8
CVE-2024-52533: 9.8
CVE-2025-0665: 9.8
CVE-2024-5535: 9.1
CVE-2024-38428: 9.1
CVE-2024-5594: 9.1
CVE-2024-6345: 8.8
CVE-2025-24965: 8.1
CVE-2018-1000156: 7.8
CVE-2019-13638: 7.8
CVE-2018-20969: 7.8
CVE-2018-1000035: 7.8
CVE-2018-6952: 7.5
CVE-2024-6232: 7.5
CVE-2024-25062: 7.5
CVE-2024-6119: 7.5
CVE-2024-12705: 7.5
CVE-2024-12085: 7.5
CVE-2024-8176: 7.5
CVE-2018-6951: 7.5
CVE-2015-7696: 6.8
CVE-2025-26465: 6.8
CVE-2024-5742: 6.7
CVE-2024-12087: 6.5
CVE-2024-10524: 6.5
CVE-2024-12088: 6.5
CVE-2024-12086: 6.1
CVE-2019-13636: 5.9
CVE-2024-50602: 5.9
CVE-2024-9681: 5.9
CVE-2025-26466: 5.9
CVE-2024-9287: 5.8
CVE-2024-12747: 5.6
CVE-2022-0529: 5.5
CVE-2019-20633: 5.5
CVE-2024-0684: 5.5
CVE-2022-0530: 5.5
CVE-2018-18384: 5.5
CVE-2024-9341: 5.4
CVE-2023-27043: 5.3
CVE-2024-12133: 5.3
CVE-2020-16120: 5.1
CVE-2024-10918: 4.8
CVE-2023-7256: 4.4
CVE-2024-8006: 4.4
CVE-2024-28882: 4.3
CVE-2024-9143: 4.3
CVE-2015-7697: 4.3
CVE-2016-9844: 4.0
CVE-2024-11053: 3.4
CVE-2025-0167: 3.4
CVE-2019-13232: 3.3
CVE-2021-4217: 3.3
CVE-2025-27113: 2.9

Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability

Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2 and all previous versions are vulnerable to OS Command Injection via malicious configuration file.


CVE-2025-3626: 9.1
CVE-2025-3705: 6.8

WAGO: Vulnerability in WAGO Device Sphere

During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.


CVE-2025-41672: 10

Endress+Hauser: Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4

Several vulnerabilities in the Endress+Hauser MEAC300-FNADE4 were discovered, that can be accessed via Ethernet.


CVE-2025-1708: 8.6
CVE-2025-27461: 7.6
CVE-2025-27460: 7.6
CVE-2025-27449: 7.5
CVE-2025-1710: 7.5
CVE-2025-27456: 7.5
CVE-2025-27447: 7.4
CVE-2025-27448: 6.8
CVE-2025-27458: 6.5
CVE-2025-27450: 6.5
CVE-2025-1709: 6.5
CVE-2025-27457: 6.5
CVE-2025-27451: 5.3
CVE-2025-27453: 5.3
CVE-2025-27452: 5.3
CVE-2025-27459: 4.4
CVE-2025-1711: 4.3
CVE-2025-27454: 4.3
CVE-2025-27455: 4.3

Pilz: Authentication Bypass in IndustrialPI Webstatus

The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.


CVE-2025-41648: 9.8

Feeds

By Vendor

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0