The Weidmüller product PROCON-WIN is affected by hard-coded credentials.
Weidmüller has released a new version of the affected product to fix the vulnerability.
Multiple Weidmüller products are affected by an OpenSSL vulnerability.
Weidmüller has released new firmware for the affected products to fix the vulnerability.
A JavaScript injection vulnerability has been discovered in the online help of the XML editing system SCHEMA ST4 by Quanos Solutions GmbH. For details refer to CVE.
This vulnerability may allow an attacker to inject JavaScript code via a URL into the affected products.
A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc. For details refer to CVE(s).
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition of the affected products.
The indicated firmware versions are only used on products of hardware version 01.xx.xx.
Multiple issues have been found in the affected products. See CVE descriptions for details.
The Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.
Multiple issues in Weidmueller Industrial WLAN devices have been found.
Initial publication date: 2021-06-23
Update A publication date: 2021-07-02
Update A
CVE-2021-33534
CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description: An exploitable command injection vulnerability exists in the hostname functionality of Weidmueller Industrial WLAN devices. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high-privilege user to trigger this vulnerability.