21 matches found
CVE-2025-41700 CODESYS Development System - Deserialization of Untrusted Data
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...
CVE-2025-41700
The CVE-2025-41700 entry concerns CODESYS Development System. The connected sources describe a vulnerability where an unauthenticated attacker can cause arbitrary code execution by tricking a local user into opening a specially crafted CODESYS project file, with code executed in the user’s contex...
EUVD-2025-27233
Malicious code in bioql PyPI...
CVE-2025-41701
An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...
CVE-2025-41701
An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...
CVE-2025-41701
Beckhoff TwinCAT 3 Engineering contains a vulnerability (CVE-2025-41701) where deserialization of untrusted data can be triggered by a manipulated project file, allowing an unauthenticated local attacker to execute arbitrary commands in the user’s context. The available connected sources confirm ...
CVE-2025-41701 Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering
An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...
PT-2025-36688
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected...
CVE-2021-34597
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory...
Input validation
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory...
M&M Fdtcontainer Code Issue Vulnerability
M&M Fdtcontainer is a plug-and-play FDT framework application that can be customized to meet the needs of customers by China Meiming M&M. A code issue vulnerability exists in M&M fdtCONTAINER component Version 3, which can be exploited by an attacker to load a manipulated project file and malicio...
CVE-2019-16675
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+...
Out-of-bounds
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+...
CVE-2019-12869
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...
CVE-2019-12869
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...
CVE-2019-12870
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Confi...
CVE-2019-12871
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...
CVE-2019-12871
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...
CVE-2019-10924
A vulnerability has been identified in LOGO! Soft Comfort All versions V8.3. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated...
CVE-2019-10924
A vulnerability has been identified in LOGO! Soft Comfort All versions V8.3. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated...