
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

31 Aug 2021 — In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-522: Insufficiently Protected Credentials

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

31 Aug 2021 — In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

31 Aug 2021 — In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. • https://cert.vde.com/en-us/advisories/vde-2021-027 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.6 • EPSS: 0% • CPEs: 17 • EXPL: 0

13 May 2021 — In Hilscher rcX RTOS versions prior to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. • https://cert.vde.com/de-de/advisories/vde-2021-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.6 • EPSS: 0% • CPEs: 23 • EXPL: 0

16 Feb 2021 — A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery. • https://cert.vde.com/en-us/advisories/vde-2021-007 • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 73 • EXPL: 0

16 Feb 2021 — A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. • https://cert.vde.com/en-us/advisories/vde-2021-006 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 23 • EXPL: 0

22 Jan 2021 — M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.8 • EPSS: 0% • CPEs: 24 • EXPL: 1

13 Jan 2021 — Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer... • https://packetstorm.news/files/id/160933 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 24 • EXPL: 1

13 Jan 2021 — Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting. Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabili... • https://packetstorm.news/files/id/160933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 5% • CPEs: 24 • EXPL: 1

13 Jan 2021 — Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://packetstorm.news/files/id/160933 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')