MB connect line: multiple products partially affected by DNSpooq

Multiple issues have been identified in dnsmasq < 2.83


CVE-2020-25684: 3.7
CVE-2020-25685: 3.7
CVE-2020-25686: 3.7

TRUMPF Laser GmbH: TruControl 2.14.0 to 3.14.0 affected by recent sudo vulnerability (CVE-2021-3156)

TruControl laser control software from versions 2.14.0 to 3.14.0 use sudo versions affected by CVE-2021-3156. The affected sudo has a heap-based buffer overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.


CVE-2021-3156: 7.8

Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities

Several critical vulnerabilities within firmware.


CVE-2020-12504: 9.8
CVE-2020-12502: 8.8
CVE-2020-12503: 7.2

Endress+Hauser: Multiple Devices affected by fdtContainer vulnerability

The fdtCONTAINER component is integrated into an application (host application). The fdtCONTAINER application is a specific host application which integrates the fdtCONTAINER component.

The fdtCONTAINER component exchanges binary data blobs with such a host application. Typically, the host application saves these binary data blobs into a project storage (project file or a project database).

To manipulate the data inside the project storage, the attacker needs write access to this project storage. Additionally, the manipulated project needs to be opened by the host application. It depends on the host application whether opening the project requires a user action or not. In
fdtCONTAINER applications, the user has to open the manipulated project file manually.

In the case of opening a stored project, the deserialization of the manipulated data can be exploited.


CVE-2020-12525: 7.3

Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device is that it can

  • no longer perform acyclic requests
  • may drop all established cyclic connections may
  • disappear completely from the network

For more information see advisory by Hilscher:
https://kb.hilscher.com/display/ISMS/2020-12-03+Denial+of+Service+vulnerability+in+PROFINET+IO+Device

Update 20.11.2024: Products have been added


CVE-2021-20986: 7.5

Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerability has been discovered in the utilized component Ethernet IP Stack by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerability on the affected device is that it can

  • denial of service
  • remote code execution
  • code exposure

For more information see advisory by Hilscher:
https://kb.hilscher.com/pages/viewpage.action?pageId=108969480


CVE-2021-20987: 8.6

Pepperl+Fuchs: Multiple Products - Vulnerability may allow remote attackers to cause a Denial Of Service

Critical vulnerability has been discovered in the utilized component 499ES EtherNet/IP Stack by Real Time Automation (RTA).


CVE-2020-25159: 9.8

Weidmueller: WI Manager affected by fdtContainer vulnerability

A vulnerability has been discovered in the fdtCONTAINER component and application by M&M Software GmbH.
As this software is part of the Weidmüller FDT/DTM Software with WI Manager, this Weidmueller software is affected by the above vulnerability as well.

The fdtCONTAINER component exchanges binary data blobs with the WI Manager. The WI Manager saves these binary data blobs into a project file.

If an attacker gets write access to the project file, the project file can be manipulated to contain malicious code.


CVE-2020-12525: 7.3

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0