• 1 (current)
  • 2

Weidmüller: WIBU Vulnerability in multiple Products

Multiple Weidmueller products are affected by recent WIBU vulnerability.


CVE-2023-3935: 9.8

Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability

A JavaScript injection vulnerability has been discovered in the XML editing system SCHEMA ST4 online
help by Quanos Solutions GmbH. For details refer to CVE.
This vulnerability may allow an attacker to inject JavaScript code via URL to the affected products


CVE-2022-3073: 6.1

Weidmueller: EtherNet/IP Fieldbus Coupler out-of-bounds write

A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc.. For details refer to CVE(s).
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition of the affected products.

The indicated firmware versions are only used on products of hardware version 01.xx.xx.


CVE-2022-1737: 7.5

WEIDMUELLER: Multiple vulnerabilities in Modbus TCP/RTU Gateways

Multiple issues have been found in the affected products. See CVE descriptions for details.


CVE-2019-9096: 9.8
CVE-2019-9095: 9.8
CVE-2019-9099: 9.8
CVE-2019-9102: 8.8
CVE-2019-9101: 7.5
CVE-2019-9098: 7.5
CVE-2019-9104: 7.5
CVE-2019-9103: 5.3
CVE-2019-9097: 5.3

Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities

The Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.


CVE-2021-31401: 7.5
CVE-2020-35684: 7.5
CVE-2020-35683: 7.5

Weidmueller: Multiple vulnerabilities in Industrial WLAN devices (Update A)

Multiple issues in Weidmueller Industrial WLAN devices have been found.

Initial publication date: 2021-06-23
Update A publication date: 2021-07-02

Update A

CVE-2021-33534

CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description: An exploitable command injection vulnerability exists in the hostname functionality of Weidmueller Industrial WLAN devices. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability.



CVE-2021-33531: 8.8
CVE-2021-33532: 8.8
CVE-2021-33537: 8.8
CVE-2021-33538: 8.8
CVE-2021-33533: 8.8
CVE-2021-33528: 8.8
CVE-2021-33535: 8.8
CVE-2021-33530: 8.8
CVE-2021-33529: 7.5
CVE-2021-33536: 7.5
CVE-2021-33539: 7.2
CVE-2021-33534: 7.2

Weidmueller: Accidentally open network port in u-controls and IoT-Gateways

A network port intended only for device-internal usage is accidentally accessible via external network interfaces.


CVE-2021-20999: 9.8

Weidmueller: WI Manager affected by fdtContainer vulnerability

A vulnerability has been discovered in the fdtCONTAINER component and application by M&M Software GmbH.
As this software is part of the Weidmüller FDT/DTM Software with WI Manager, this Weidmueller software is affected by the above vulnerability as well.

The fdtCONTAINER component exchanges binary data blobs with the WI Manager. The WI Manager saves these binary data blobs into a project file.

If an attacker gets write access to the project file, the project file can be manipulated to contain malicious code.


CVE-2020-12525: 7.3
  • 1 (current)
  • 2

Feeds

By Vendor

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0