A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation
in Javascript, both used in CodeMeter Runtime affecting multiple products by PHOENIX CONTACT.
A Vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products.
Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability.
Update A, 2023-11-13
Removed CVE-2023-4701 because it was revoked.
Multiple vulnerabilities allow an attacker to read arbitrary files, inject commands and bypass authentication or access control. Furthermore, hardcoded session and encryption keys as well as a missing firmware update signature and a service running with unnecessary privileges were discovered.
Several vulnerabilities have been discovered in the LibGit2Sharp or underlying LibGit2 library.
This open-source component is widely used in a lot of products worldwide.
The product is vulnerable to remote code execution, privilege escalation and tampering.
PLCnext Engineer is using the LibGit2Sharp library to provide version control capabilities.
Two vulnerabilities have been discovered in the firmware of TC ROUTER and TC CLOUD CLIENT devices.
Update A, 2024-08-12
The FL MGUARD family of devices is affected by two vulnerabilities.
A Directory Traversal Vulnerability enables arbitrary file access in ENERGY AXC PU Web service.
An authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service.
Multiple vulnerabilities have been discovered in CODESYS Control V3 runtime system.
For details regarding the single vulnerabilities please refer to the security advisories issued by CODESYS: