PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities

The FL MGUARD family of devices is affected by two vulnerabilities.


CVE-2022-4304: 5.9
CVE-2023-2673: 5.8

Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual

Two vulnerabilites have been discovered in myREX24 and myREX24.virtual in all versions through 2.13.3.


CVE-2023-0985: 8.8
CVE-2023-1779: 4.3

MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24

Two vulnerabilites have been discovered in mbCONNECT24 and mbCONNECT24 in all versions through 2.13.3.


CVE-2023-0985: 8.8
CVE-2023-1779: 4.3

WAGO: Unauthenticated command execution via Web-based-management UPDATE A

The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.

UPDATE A 15.06.2023 :

  • Removed PFC100 with FW23 as affected product and from solution
  • PFC200 with FW23 is only affected on 750-821x/xxx-xxx
  • Renamed "FW22 Patch 1" to "FW22 SP1" to match the versions of the download portal


CVE-2023-1698: 9.8

ads-tec: Multiple Vulnerabilities in IRF1000, IRF2000 and IRF3000


CVE-2015-8876: 9.8
CVE-2015-6835: 9.8
CVE-2015-4602: 9.8
CVE-2016-7411: 9.8
CVE-2016-7124: 9.8
CVE-2016-9138: 9.8
CVE-2017-12933: 9.8
CVE-2017-8923: 9.8
CVE-2017-11142: 7.5
CVE-2014-8142: 7.5
CVE-2015-2787: 7.5
CVE-2014-3669: 7.5
CVE-2015-0231: 7.5
CVE-2015-3415: 7.5
CVE-2015-3414: 7.5
CVE-2016-10161: 7.5
CVE-2014-9425: 7.5
CVE-2015-2348: 5.0

PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service

A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.
An authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service.


CVE-2023-1109: 8.8

VARTA: Multiple devices prone to hard-coded credentials

VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and thus potentially exploitable.


CVE-2022-22512: 9.1

PHOENIX CONTACT: Multiple vulnerabilities in ENERGY AXC PU

Multiple vulnerabilities have been discovered in CODESYS Control V3 runtime system.
For details regarding the single vulnerabilities please refer to the security advisories issued by CODESYS:

  • CODESYS Security Advisory 2022-02
  • CODESYS Security Advisory 2022-04
  • CODESYS Security Advisory 2022-06
  • CODESYS Security Advisory 2022-09


CVE-2022-22515: 8.1
CVE-2022-30792: 7.5
CVE-2022-22517: 7.5
CVE-2022-22514: 7.1
CVE-2022-22513: 6.5

Feeds

By Vendor

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0