EUVD-2017-7825

Malware in sbrugna...

Wago Multiple Products Improper Privilege Management (CVE-2023-3379)

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

Festo Firmware Insufficient Technical Documentation (CVE-2022-3270)

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

WAGO Series 750-88x and 750-87x Use of Hard-Coded Credentials (CVE-2019-10712)

The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access. This plugin only works with Tenable.ot. Please visit...

PHOENIX CONTACT PLCNext AXC F 2152 Channel Accessible By Non-Endpoint (CVE-2019-10997)

An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...

Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

WAGO M&M Software fdtCONTAINER (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

SWARCO CPU LS4000

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SWARCO TRAFFIC SYSTEMS Equipment: CPU LS4000 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to the device and disturb...

CVE-2020-10383

creationtimestamp| type| source ---|---|--- 2020-04-14 20:44:24+00:00| seen| https://t.me/cibsecurity/11225 2026-03-24 03:00:05+00:00| seen| https://certvde.com/de/advisories/VDE-2026-025 2026-03-24 03:00:06+00:00| seen| https://certvde.com/en/advisories/VDE-2026-024/...

ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...

PHOENIX CONTACT RAD-80211-XD

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: RAD-80211-XD Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute system level commands...

WAGO e!COCKPIT Firmware Downgrade Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version...

WAGO e!Cockpit authentication hard-coded encryption key vulnerability

Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...

PHOENIX CONTACT FL SWITCH

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: FL SWITCH Vulnerabilities: Cross-site Request Forgery, Improper Restriction of Excessive Authentication Attempts, Cleartext Transmission of Sensitive Information, Resourc...

PEPPERL+FUCHS CT50-Ex

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to...

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client

1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: PEPPERL+FUCHS Equipment: VisuNet RM, VisuNet PC, Box Thin Client BTC Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a...

PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol

CVSS v3 8.1 ATTENTION: Low skill level is needed to exploit. Public exploits are available. Vendor: PEPPERL+FUCHS/ecom instruments Equipment: WLAN capable devices using the WPA2 Protocol Vulnerabilities: Reusing a Nonce AFFECTED PRODUCTS PEPPERL+FUCHS/ecom instruments reports that these...

GLSA-201711-11 : VDE: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201711-11 VDE: Privilege escalation It was discovered that Gentoos default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe chown command which gives members from...

VDE: Privilege escalation

Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...

Gentoo net-misc/vde elevation of privilege vulnerability

The Gentoo net-misc/vde package is a set of distributed virtual networking frameworks from the Gentoo Foundation. A security vulnerability exists in versions of the Gentoo net-misc/vde package prior to 2.3.2-r4. An attacker can exploit this vulnerability to gain root privileges by creating hard...