Advisories | CERT@VDE

2021-07-30 09:55 VDE-2021-034

Pepperl+Fuchs: Security Advisory for PrintNightmare Vulnerability in multiple HMI Devices

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

See details on Microsoft Advisory CVE-2021-34527 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527)

CVE-2021-34527: 8.8

2021-07-22 13:35 VDE-2021-017

MB connect line: Privilege escalation in mbDIALUP (Update B)

Multiple Vulnerabilities in mbConnect24serv (a software service of mbDIALUP) can lead to arbitrary code execution due to improper privilege management.

Update A, 2021-11-24

corrected fixed version in solution from 3.9R0.4 to 3.9R0.5

Update B, 2022-03-28

Updated CVSS score from CVE-2021-33527 from 7.8 to 9.8 due to new information about the vulnerability

CVE-2021-33527: 9.8

CVE-2021-33526: 7.8

2021-07-22 13:33 VDE-2021-031

MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24, mymbCONNECT24 <= 2.8.0

Two vulnerabilities in mbCONNECT24 and mymbCONNECT24 can lead to information disclosure and arbitrary code execution.

Please consult the CVE entries for details.

CVE-2020-9498: 6.7

CVE-2020-9497: 4.4

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (14)

Bender (2)

CODESYS (13)

Endress+Hauser (12)

Festo (11)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (11)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (11)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (30)

PHOENIX CONTACT (87)

Pilz (13)

Red Lion Europe (4)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (58)

Weidmueller (10)

Welotec (3)

Wiesemann & Theis (3)

Archive

2024

November (1)
October (8)
September (8)
August (9)
July (7)
June (4)
May (4)
April (3)
March (2)
February (6)
January (7)

2023

December (14)
November (5)
October (5)
September (5)
August (13)
July (5)
June (3)
May (4)
April (1)
March (3)
February (3)
January (2)

2022

December (5)
November (10)
October (5)
September (7)
August (4)
July (4)
June (7)
May (3)
April (11)
March (5)
January (5)

2021

December (2)
November (6)
October (5)
September (2)
August (10)
July (3)
June (9)
May (6)
April (2)
March (3)
February (3)
January (4)

2020

December (4)
November (3)
October (6)
September (8)
August (1)
July (3)
June (4)
May (2)
March (12)
February (2)

2019

December (2)
October (3)
September (1)
June (4)
May (2)
March (6)
January (1)

2018

October (1)
September (1)
August (2)
July (3)
May (4)
March (1)
February (1)
January (2)

2017

December (2)
November (1)
September (1)
March (1)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0