A security researcher discovered that in the affected products an authenticated (administration privileges) SQL injection has been found on the administration panel allowing access to a database. The database that can be accessed is a log database in which measurement data are stored for a graphical representation.
A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered in several Pepperl+Fuchs devices.
Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices.