Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2019-020
May 22, 2025, 3:03 PM
If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission. Subnet 2---(Ports belonging …
VDE-2020-009
May 22, 2025, 3:03 PM
The firmware update package (WUP) is not entirely signed. The password used offers no additional security; it is only meant to protect against unintentional modifications of the WUP file. Thus …
VDE-2022-007
May 22, 2025, 3:03 PM
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This …
VDE-2023-033
May 22, 2025, 3:03 PM
Several Pilz products use the third-party component "CodeMeter Runtime" from WIBU-SYSTEMS AG to manage software licenses. This component is affected by a vulnerability, which may enable an attacker to …
VDE-2022-010
May 22, 2025, 3:03 PM
PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known …
VDE-2020-037
May 22, 2025, 3:03 PM
The default installation path and its permissions for the TwinCAT runtime allow a local user to replace or modify executables other users of the same system might execute. The issue …
VDE-2024-071
May 22, 2025, 3:03 PM
Multiple Linux component vulnerabilities fixed in the latest PLCnext Firmware release 2024.0.6 LTS
VDE-2020-011
May 22, 2025, 3:03 PM
An attacker needs an authorized login on the device in order to exploit the vulnerabilities mentioned herein. The reported vulnerabilities allow a local attacker with valid login credentials who is …