Advisories

Show filters filter

Manufacturer

Scoring

For CVSS 2.0, 3.0 and 3.2

No CVE available

0.1 - 3.9

4 - 6.9

7 - 8.9

9 - 10

VDE-2023-001

June 5, 2025, 3:28 PM

PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware

A new LTS Firmware release fixes known vulnerabilities in used open-source libraries. In addition, the following improvements have been implemented: HMI - Hardening against DoS attacks. - Hardening against memory …

CVE-2022-37434

CVE-2022-32207

CVE-2022-1664

CVE-2022-39260

CVE-2022-40674

CVE-2022-42915

CVE-2022-2257

CVE-2022-2206

CVE-2022-2264

CVE-2022-2288

CVE-2022-2289

CVE-2022-2286

CVE-2022-2284

CVE-2022-2285

CVE-2022-2345

CVE-2022-2304

CVE-2022-2344

CVE-2022-2210

CVE-2022-2207

CVE-2022-2343

CVE-2022-2183

CVE-2022-2182

CVE-2022-2175

CVE-2022-2129

CVE-2022-1942

CVE-2022-1927

CVE-2022-3352

CVE-2022-3324

CVE-2022-3297

CVE-2022-3296

CVE-2022-3256

CVE-2022-3235

CVE-2022-3234

CVE-2022-2581

CVE-2022-2580

CVE-2022-2571

CVE-2022-2522

CVE-2022-42919

CVE-2022-40304

CVE-2022-29187

CVE-2022-1304

CVE-2022-30065

CVE-2022-43680

CVE-2022-3705

CVE-2022-40617

CVE-2002-20001

CVE-2021-46828

CVE-2022-2509

CVE-2022-42916

CVE-2022-2287

CVE-2022-43995

CVE-2022-1015

CVE-2022-32206

CVE-2022-1348

CVE-2022-32208

CVE-2022-2231

CVE-2022-2208

CVE-2022-3278

CVE-2022-2598

CVE-2022-1016

CVE-2022-39253

CVE-2022-2097

CVE-2022-32205

CVE-2022-35252

VDE-2022-059

May 22, 2025, 3:03 PM

HIMA: unquoted path vulnerabilities in X-OPC and X-OTS

Unquoted Windows search path vulnerability in the below mentioned Software for Windows might allow local users to gain privileges via a malicious .exe file.

CVE-2022-4258

VDE-2022-054

Jan. 12, 2023, 8:52 AM

WAGO: Unauthenticated Configuration Export in web-based management in multiple devices

A vulnerability in the web-based management (WBM) of WAGOs programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.

CVE-2022-3738

VDE-2022-056

Dec. 14, 2022, 8:00 AM

Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability

A JavaScript injection vulnerability has been discovered in the XML editing system SCHEMA ST4 onlinehelp by Quanos Solutions GmbH. For details refer to CVE.This vulnerability may allow an attacker to …

CVE-2022-3073

VDE-2022-038

Oct. 1, 2025, 12:50 PM

Festo: Vulnerable WIBU-SYSTEMS CodeMeter Runtime in multiple products

A vulnerability was reported in WIBU-SYSTEMS CodeMeter Runtime. WIBU-SYSTEMS CodeMeter Runtime is part of the installation packages of several Festo products.FluidDraw < 6.2c and CIROS <= 7.0.6 contain a …

CVE-2021-41057

VDE-2022-057

May 14, 2025, 3:00 PM

Wiesemann & Theis multiple products prone to web interface vulnerability

Multiple Wiesemann & Theis product families are affected by a vulnerability in the web interface. The device allows an unauthenticated attacker to get the session ID of a logged in …

CVE-2022-4098

VDE-2022-058

May 14, 2025, 3:00 PM

PHOENIX CONTACT: Profinet SDK libexpat vulnerabilities

Two vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is widely used in a lot of products worldwide. An attacker could cause a …

CVE-2022-40674

CVE-2022-43680

VDE-2022-050

Dec. 12, 2022, 12:00 PM

IFM: weak password recovery vulnerability in moneo appliance

An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.

CVE-2022-3485