Carlo Gavazzi Controls: Multiple Vulnerabilities in Controller UWP 3.0

The UWP 3.0 family of Monitoring Gateways and Controllers and the CPY Car Park Server are affected by multiple vulnerabilities in their set-up software, runtime firmware, embedded Web interface.


CVE-2022-22522: 9.8
CVE-2022-22526: 9.8
CVE-2022-28811: 9.8
CVE-2022-28812: 9.8
CVE-2022-28814: 9.8
CVE-2022-22524: 9.4
CVE-2022-22523: 7.5
CVE-2022-28813: 7.5
CVE-2022-22525: 7.2
CVE-2022-28816: 6.1
CVE-2022-28815: 2.7

Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function UPDATE A

UPDATE A (19.10.2022): Added Control block-Set CPX-CEC-C1 and Control block-SET
CPX-CMXX to affected products.

Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service of the device.


CVE-2022-3079: 7.5

Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual

Multiple vulnerabilities have been found in myREX24 and myREX24.virtual. 


CVE-2020-35565: 9.8
CVE-2020-10384: 7.8
CVE-2020-35567: 7.8
CVE-2020-12528: 7.7
CVE-2020-35564: 7.5
CVE-2020-35558: 7.5
CVE-2021-34575: 7.5
CVE-2020-35557: 6.5
CVE-2020-12530: 6.1
CVE-2020-35569: 6.1
CVE-2020-35560: 6.1
CVE-2020-35563: 5.4
CVE-2020-35561: 5.3
CVE-2020-35566: 5.3
CVE-2020-12529: 5.3
CVE-2020-35570: 5.3
CVE-2020-35568: 4.3
CVE-2020-12527: 4.3
CVE-2021-34574: 4.3
CVE-2020-35559: 4.3

Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual

An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.


CVE-2022-22520: 5.3

MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24

An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.


CVE-2022-22520: 5.3

MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update A)

Two issues have been discovered in mymbCONNECT24 and mbCONNECT24 in all versions
including V2.8.0.

Update A, 2022-09-07:

  • Updated affected versions (and solution) due to incomplete fixes in previous versions


CVE-2021-34575: 7.5
CVE-2021-34574: 4.3

MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A)

Multiple vulnerabilities have been found in mymbCONNECT24 and mbCONNECT24.

Update A, 2022-09-07:

  • Affected Products: updated affected versions due to incomplete fixes of some CVEs. See Solution for details.
  • Solution: updated version information.
  • Solution: Added Fix for CVE-2020-35561.
  • Solution: Added MFA remark for CVE-2020-35565.


CVE-2020-35565: 9.8
CVE-2020-10384: 7.8
CVE-2020-35567: 7.8
CVE-2020-12528: 7.7
CVE-2020-35558: 7.5
CVE-2020-35564: 7.5
CVE-2020-35557: 6.5
CVE-2020-12530: 6.1
CVE-2020-35569: 6.1
CVE-2020-35560: 6.1
CVE-2020-35563: 5.4
CVE-2020-35570: 5.3
CVE-2020-35561: 5.3
CVE-2020-12529: 5.3
CVE-2020-35566: 5.3
CVE-2020-12527: 4.3
CVE-2020-35568: 4.3
CVE-2020-35559: 4.3

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0