CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

PT-2026-22276

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into parameters of the Modbus command tool within a debug route. T...

EUVD-2025-34150

An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command...

CVE-2025-41703

CVE-2025-41703 affects Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP (UPS modules). An unauthenticated remote attacker can cause a Denial of Service by turning off the UPS output via Modbus command. Public sources describe an access/control weakness allowing UPS output shutdown, potentially disrupt...

CVE-2025-41703 Phoenix Contact: UPS Shutdown via Unauthenticated Modbus Command

An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command...

PT-2025-41853

Name of the Vulnerable Software and Affected Versions UPS affected versions not specified Description An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via a Modbus command. This disruption can lead to power outages or equipment shutdowns. The...

CVE-2025-48466 Modbus Command Injection without Authentication

Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks...

CVE-2025-48466 Modbus Command Injection without Authentication

Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks...

CVE-2020-7477

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 Versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx all Versions, and Premium processors with integrated Ethernet all Versions, which...

CVE-2020-7477

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 Versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx all Versions, and Premium processors with integrated Ethernet all Versions, which...