Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities

Critical vulnerabilities have been discovered in the utilized Bluetooth component.
For more information see: https://kb.cert.org/vuls/id/799380


CVE-2020-26559: 8.8
CVE-2020-26560: 8.1
CVE-2020-26557: 7.5
CVE-2020-26556: 7.5
CVE-2020-26555: 5.4
CVE-2020-26558: 4.2

PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices

Multiple vulnerabilities have been discovered in the firmware and in libraries utilized of RAD-ISM-900-EN-BD devices:

In addition to the above listed CVEs the following issues were identified:

Vulnerabilities related to outdated libraries:

  • BusyBox version 0.60.1: A CVE scan revealed 13 potential vulnerabilities. Some of these vulnerabilities impact services used by this device such as NTP and DHCP.
  • OpenSSL version 0.9.7-beta3: This version of OpenSSL uses deprecated ciphers and a CVE scan revealed over 87 potential vulnerabilities.

Over-privileged web application:
The web application is operated with root privileges. Therefore, if an attacker were able to achieve RCE via the web application they would be executing with the highest level of privileges.


CVE-2022-29897: 9.1
CVE-2022-29898: 9.1

TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability

A service function in the stated TRUMPF products is exposed without necessary authentication. Execution of this function may result in unauthorized access to, change of data or disruption of the whole service.


CVE-2022-1300: 9.8

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0