Advisories | CERT@VDE

2023-06-25 08:00 VDE-2023-006

WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service

An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing.

Update: 08.07.2024 release date of the updates has been changed.

CVE-2023-1619: 4.9

CVE-2023-1620: 4.9

2023-06-25 08:00 VDE-2023-005

WAGO: Series 750-3x/-8x prone to MODBUS server DoS

An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.

CVE-2023-1150: 7.5

2023-06-13 08:00 VDE-2023-010

PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities

The FL MGUARD family of devices is affected by two vulnerabilities.

CVE-2022-4304: 5.9

CVE-2023-2673: 5.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (14)

Bender (2)

CODESYS (13)

Endress+Hauser (12)

Festo (11)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (11)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (11)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (30)

PHOENIX CONTACT (87)

Pilz (13)

Red Lion Europe (4)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (58)

Weidmueller (10)

Welotec (3)

Wiesemann & Theis (3)

Archive

2024

November (1)
October (8)
September (8)
August (9)
July (7)
June (4)
May (4)
April (3)
March (2)
February (6)
January (7)

2023

December (14)
November (5)
October (5)
September (5)
August (13)
July (5)
June (3)
May (4)
April (1)
March (3)
February (3)
January (2)

2022

December (5)
November (10)
October (5)
September (7)
August (4)
July (4)
June (7)
May (3)
April (11)
March (5)
January (5)

2021

December (2)
November (6)
October (5)
September (2)
August (10)
July (3)
June (9)
May (6)
April (2)
March (3)
February (3)
January (4)

2020

December (4)
November (3)
October (6)
September (8)
August (1)
July (3)
June (4)
May (2)
March (12)
February (2)

2019

December (2)
October (3)
September (1)
June (4)
May (2)
March (6)
January (1)

2018

October (1)
September (1)
August (2)
July (3)
May (4)
March (1)
February (1)
January (2)

2017

December (2)
November (1)
September (1)
March (1)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0