Back to overview

TURCK: Multiple Vulnerabilities in Managed Ethernet Switches

VDE-2026-038
Last update
06/16/2026 15:00
Published at
06/16/2026 12:00
Vendor(s)
TURCK GmbH
External ID
VDE-2026-038
CSAF Document
Download

Summary

Multiple vulnerabilities have been identified in the TBEN-Lx-SE-M2 firmware prior to version 2.1.2.0 in Managed Ethernet Switches.

Impact

Availability, integrity or confidentiality of the TBEN-Lx-SE-M2 can be compromised by exploiting the vulnerabilities.

Affected Product(s)

Model no. Product name Affected versions
TBEN-L4-SE-M2 Firmware <2.1.2.0
TBEN-L5-SE-M2 Firmware <2.1.2.0
TBEN-LL-SE-M2 Firmware <2.1.2.0

Vulnerabilities

Expand / Collapse all

Published
06/16/2026 15:05
Severity
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

References
cve.org | nvd.nist.gov

Published
06/16/2026 15:05
Severity
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.

References
cve.org | nvd.nist.gov

Remediation

TURCK recommends to update to the latest 2.1.2.0 Firmware Release which fixes these vulnerabilities.

Acknowledgments

TURCK GmbH thanks the following parties for their efforts:

  • CERT@VDE for coordination

Revision History

Version Date Summary
1.0.0 05/19/2026 17:00 Initial revision.
1.0.1 06/16/2026 15:00 The Initial revision date was wrong