Advisories | CERT@VDE

2024-07-09 09:00 VDE-2024-012

ifm: Vulnerabilities in ifm AC14 firmware

In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.

more ...

CVE-2024-28747: 9.8

CVE-2024-28751: 9.1

CVE-2024-28750: 7.2

CVE-2024-28749: 7.2

CVE-2024-28748: 7.2

2024-06-03 08:00 VDE-2024-028

ifm: moneo password reset can be exploited

moneo "Forgot Password" function has a vulnerability which allows gaining privileged access.

more ...

CVE-2024-5404: 9.8

2022-12-12 12:00 VDE-2022-050

IFM: weak password recovery vulnerability in moneo appliance

An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.

more ...

CVE-2022-3485: 9.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (14)

Bender (2)

CODESYS (13)

Endress+Hauser (12)

Festo (11)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (11)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (11)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (30)

PHOENIX CONTACT (87)

Pilz (13)

Red Lion Europe (4)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (58)

Weidmueller (10)

Welotec (3)

Wiesemann & Theis (3)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0

ifm: Vulnerabilities in ifm AC14 firmware

ifm: moneo password reset can be exploited

IFM: weak password recovery vulnerability in moneo appliance

Feeds

By Vendor

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Legend