Advisories | CERT@VDE

2025-06-30 12:00 VDE-2024-061

ifm: Improper Access Control vulnerability

A vulnerability has been disclosed in PLC ifm AC4xxS that allows an attacker to trigger the safety state with the help of a specially crafted html request. This leads to a loss of availability.

CVE-2024-8419: 7.5

2024-07-09 09:00 VDE-2024-012

ifm: Vulnerabilities in ifm AC14 firmware

In ifm Smart PLC firmware up to version 4.3.17 for Smart PLC controllers AC14xx and AC4xxS, an attacker can access the configuration by using the hardcoded credentials. The endpoint hosts a scripts capable of executing various commands.

CVE-2024-28747: 9.8

CVE-2024-28751: 9.1

CVE-2024-28750: 7.2

CVE-2024-28749: 7.2

CVE-2024-28748: 7.2

2024-06-03 08:00 VDE-2024-028

ifm: moneo password reset can be exploited

moneo "Forgot Password" function has a vulnerability which allows gaining privileged access.

CVE-2024-5404: 9.8

2022-12-12 12:00 VDE-2022-050

IFM: weak password recovery vulnerability in moneo appliance

An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.

CVE-2022-3485: 9.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (3)

Auma (6)

Beckhoff (14)

Bender (2)

CODESYS (18)

Endress+Hauser (12)

Festo (12)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (14)

HIMA (2)

ifm (4)

Innominate (2)

Lenze (5)

MB connect line (14)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (33)

PHOENIX CONTACT (92)

Pilz (14)

Red Lion Europe (4)

SMA (5)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (8)

TRUMPF Werkzeugmaschinen (9)

VARTA Storage (1)

VMT (1)

WAGO (66)

Weidmueller (15)

Welotec (3)

Wiesemann & Theis (6)

Archive

2025

June (12)
May (9)
April (5)
March (8)
February (4)
January (5)

2024

December (4)
November (3)
October (8)
September (8)
August (9)
July (7)
June (4)
May (4)
April (3)
March (2)
February (6)
January (7)

2023

December (14)
November (5)
October (5)
September (5)
August (13)
July (5)
June (3)
May (4)
April (1)
March (3)
February (3)
January (2)

2022

December (5)
November (10)
October (5)
September (7)
August (4)
July (4)
June (7)
May (3)
April (11)
March (5)
January (5)

2021

December (2)
November (6)
October (5)
September (2)
August (10)
July (3)
June (9)
May (6)
April (2)
March (3)
February (3)
January (4)

2020

December (4)
November (3)
October (6)
September (8)
August (1)
July (3)
June (4)
May (2)
March (12)
February (2)

2019

December (2)
October (3)
September (1)
June (4)
May (2)
March (6)
January (1)

2018

October (1)
September (1)
August (2)
July (3)
May (4)
March (1)
February (1)
January (2)

2017

December (2)
November (1)
September (1)
March (1)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0