Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2019-015
July 11, 2025, 9:00 AM

PHOENIX CONTACT: Security Advisory for multiple Industrial Controllers

Phoenix Contact Classic Line industrial controllers (ILC1x0 and ILC1x1 product families as well as the AXIOLINE controllers AXC1050 and AXC3050) are developed and designed for the use in closed industrial …
CVE-2019-9201
VDE-2019-014
May 14, 2025, 2:28 PM

PHOENIX CONTACT: Multiple Vulnerabilities in Automation Worx Software Suite

A manipulated PC Worx or Config+ project file could lead to a remote code execution.\ The attacker needs to get access to an original PC Worx or Config+ project file …
CVE-2019-12869
CVE-2019-12871
CVE-2019-12870
VDE-2019-013
June 12, 2019, 12:25 PM

WAGO: Multiple Vulnerabilities in industrial managed switches

Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.
CVE-2019-12550
CVE-2019-12549
CVE-2016-2148
CVE-2014-9984
CVE-2014-9761
CVE-2017-16544
CVE-2016-6301
CVE-2016-2147
CVE-2011-5325
CVE-2015-9261
CVE-2010-0296
CVE-2013-1813
CVE-2015-0235
CVE-2015-1472
CVE-2014-9402
CVE-2014-4043
CVE-2012-4412
CVE-2011-2716
CVE-2010-3856
VDE-2019-012
May 14, 2025, 3:00 PM

TECSON/GOK: Improper Authentication and Access Control on multiple devices

A security researcher discovered that the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a user with limited access rights. Based on …
CVE-2019-12254
VDE-2019-009
May 22, 2025, 3:03 PM

PHOENIX CONTACT: Multiple Vulnerabilities in AXC F 2152

Multiple vulnerabilities have been identified in PHOENIX CONTACT AXC F 2152 with firmware versions 1.x
CVE-2017-8817
CVE-2017-8816
CVE-2017-5337
CVE-2017-5336
CVE-2017-5334
CVE-2017-11543
CVE-2017-11542
CVE-2017-11541
CVE-2016-9953
CVE-2016-9843
CVE-2016-9841
CVE-2018-1000120
CVE-2018-1000005
CVE-2018-1000122
CVE-2017-1000257
CVE-2018-1000301
CVE-2016-9842
CVE-2016-9840
CVE-2016-9952
CVE-2016-1247
CVE-2017-9023
CVE-2017-9022
CVE-2017-5335
CVE-2017-9233
CVE-2017-3731
CVE-2017-11185
CVE-2017-11108
CVE-2017-1000254
CVE-2018-1000121
CVE-2016-7444
CVE-2016-7141
CVE-2016-6301
CVE-2019-10998
CVE-2018-1000117
CVE-2018-5388
CVE-2017-1000101
CVE-2017-1000100
CVE-2015-9251
CVE-2016-7103
CVE-2019-10997
CVE-2018-0737
CVE-2017-3738
CVE-2017-3737
CVE-2017-3735
CVE-2018-7559
CVE-2017-15906
VDE-2019-011
Oct. 7, 2019, 12:00 PM

Pepperl+Fuchs: Remote code execution vulnerability in HMI devices

A remote code execution vulnerability exists in **Remote Desktop Services** – formerly known as **Terminal Services** – when an unauthenticated attacker connects to the target system using **RDP** and sends …
CVE-2019-1181
CVE-2019-0708
CVE-2019-1182
VDE-2019-010
May 14, 2025, 3:00 PM

Miele: Multiple Vulnerabilities in XGW 3000 ZigBee Gateway

Miele XGW 3000 is a ZigBee-TCP/IP gateway. The gateway connects Miele ZigBee-Appliances (called Miele@home) with local customer TCP/IP-Network and allows visualizing the appliance state on the web interface of the …
CVE-2019-20481
CVE-2019-20480
VDE-2019-007
May 14, 2025, 2:28 PM

PHOENIX CONTACT: command injection on RAD-80211-XD(/HP-BUS)

A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack.
CVE-2019-9743