Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2024-061
June 30, 2025, 12:00 PM

ifm: Improper Access Control vulnerability

A vulnerability has been disclosed in PLC ifm AC4xxS that allows an attacker to trigger the safety state with the help of a specially crafted html request. This leads to …
CVE-2024-8419
VDE-2024-012
Aug. 27, 2025, 12:00 PM

ifm: Vulnerabilities in ifm AC14 firmware

In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts …
CVE-2024-28747
CVE-2024-28751
CVE-2024-28748
CVE-2024-28749
CVE-2024-28750
VDE-2024-028
Feb. 28, 2025, 12:00 PM

ifm moneo password reset can be exploited

moneo \"Forgot Password\" function has a vulnerability which allows gaining privileged access.
CVE-2024-5404
VDE-2022-050
Dec. 12, 2022, 12:00 PM

IFM: weak password recovery vulnerability in moneo appliance

An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.
CVE-2022-3485