VDE-2023-004
April 11, 2023, 10:00 AM
A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.An authenticated restricted user of the web frontend can access, read, write and create files throughout the …
VDE-2022-061
March 15, 2023, 10:00 AM
VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered …
VDE-2022-060
Feb. 27, 2023, 12:00 PM
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates. The configuration backend can in some cases be used without authentication and …
VDE-2022-055
Feb. 16, 2023, 2:43 PM
An unknown and undocumented configuration interface with limited functionality was identified on the affected devices.
VDE-2022-054
Jan. 12, 2023, 8:52 AM
A vulnerability in the web-based management (WBM) of WAGOs programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.
VDE-2022-056
Dec. 14, 2022, 8:00 AM
A JavaScript injection vulnerability has been discovered in the XML editing system SCHEMA ST4 onlinehelp by Quanos Solutions GmbH. For details refer to CVE.This vulnerability may allow an attacker to …
VDE-2022-050
Dec. 12, 2022, 12:00 PM
An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.
VDE-2022-033
Nov. 24, 2022, 10:00 AM
PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product, but it is also included in various models of the PMI product family. The …