The Linux kernel starting from 5.8 has a flaw which can lead to privilege escalation for a local user. The kernel is used in several Versions of the FW of several WAGO products. All vulnerable PLCs are listed in chapter ‘Affected Products’.



Several vulnerabilities have been discovered in the Expat XML parser library (aka libexpat).
This open-source component is widely used in a lot of products worldwide.
A remote, anonymous attacker could use an integer overflow to execute arbitrary program code when loading specially crafted XML files.

Profinet SDK is using XML parser library Expat as reference solution for loading the XML based Profinet network configuration files (IPPNIO or TIC).



Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service.



SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was fixed in SharpZipLib version 1.3.3.



WAGO: Web-Based Management Cross-Site Scripting

The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks.



By tricking clients of the mentioned products into contacting malicious OPC UA servers and thereby acting as OPC UA clients, a crash of the component can be provoked.



A vulnerability is reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) installation bundles are affected with vulnerable versions of WIBU-SYSTEMS Codemeter.



Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0