Advisories

Show filters filter

Manufacturer

Scoring

For CVSS 2.0, 3.0 and 3.2

No CVE available

0.1 - 3.9

4 - 6.9

7 - 8.9

9 - 10

VDE-2024-073

May 22, 2025, 3:03 PM

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS

CVE-2023-38545

CVE-2023-47100

CVE-2023-45853

CVE-2021-41072

CVE-2023-4751

CVE-2023-4752

CVE-2023-4738

CVE-2023-4750

CVE-2023-4736

CVE-2023-4734

CVE-2023-4781

CVE-2023-5535

CVE-2023-4807

CVE-2023-2603

CVE-2023-4911

CVE-2023-5363

CVE-2023-44487

CVE-2023-4785

CVE-2023-33953

CVE-2024-0567

CVE-2024-0553

CVE-2023-5156

CVE-2023-38039

CVE-2023-32731

CVE-2023-4733

CVE-2023-42465

CVE-2023-51385

CVE-2022-29900

CVE-2022-42012

CVE-2022-42011

CVE-2022-42010

CVE-2023-34969

CVE-2023-46218

CVE-2023-26555

CVE-2023-5441

CVE-2023-48795

CVE-2022-40897

CVE-2022-29901

CVE-2023-26554

CVE-2023-26553

CVE-2023-26552

CVE-2023-26551

CVE-2023-7104

CVE-2023-51384

CVE-2023-32665

CVE-2023-32611

CVE-2023-29499

CVE-2022-48554

CVE-2023-40217

CVE-2023-3817

CVE-2023-32732

CVE-2023-32643

CVE-2023-46219

CVE-2023-4735

CVE-2023-6004

CVE-2023-32636

CVE-2023-46246

CVE-2023-5344

CVE-2023-48231

CVE-2023-38546

CVE-2023-48706

CVE-2023-48237

CVE-2023-4016

VDE-2024-071

May 22, 2025, 3:03 PM

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS

CVE-2024-32002

CVE-2024-6387

CVE-2024-39894

CVE-2024-2511

CVE-2024-4741

CVE-2024-4603

VDE-2024-072

Dec. 3, 2024, 12:00 PM

WAGO: Vulnerabilities in CODESYS Control

The following firmware versions installed on several devices are vulnerable due to a vulnerability in the CODESYS Control V3 web server.

CVE-2024-8175

VDE-2024-059

Dec. 3, 2024, 3:00 PM

Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo

An unauthenticated attacker would be able to send crafted requests to cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. Besides, passwords …

CVE-2022-31802

CVE-2022-31804

CVE-2022-31803

VDE-2024-074

May 14, 2025, 2:28 PM

SMA: SQL injection in Sunny Central UP

A security researcher discovered that in the affected products an authenticated (administration privileges) SQL injection has been found on the administration panel allowing access to a database. The database that …

CVE-2024-11025

VDE-2024-065

May 14, 2025, 2:28 PM

PEPPERL+FUCHS: HMI devices are affected by Insecure Platform Key

A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered in several Pepperl+Fuchs devices.

CVE-2024-8105

VDE-2024-047

May 22, 2025, 3:03 PM

WAGO: Multiple vulnerabilities in docker configuration

Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices.

CVE-2024-41969

CVE-2024-41973

CVE-2024-41971

CVE-2024-41967

CVE-2024-41974

CVE-2024-41972

CVE-2024-41970

CVE-2024-41968

VDE-2024-064

April 11, 2025, 9:00 AM

Beckhoff: Local command injection via TwinCAT Package Manager

Beckhoff's TwinCAT 3.1 Build 4026 software is modularized and is installed with different packages depending on user requirements. These packages are selected and installed using either the command line utility …

CVE-2024-8934