CVSS: 7.5EPSS: 0%CPEs: 73EXPL: 0CVE-2021-20986 – Hilscher: Denial of Service vulnerability in PROFINET IO Device
https://notcve.org/view.php?id=CVE-2021-20986
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. Se encontró una vulnerabilidad de Denegación de Servicio en Hilscher PROFINET IO Device versiones V3 anteriores a V3.14.0.7. Esto puede conllevar a una pérdida inesperada de la comunicación cíclica o a una interrupción de la comunicación acíclica • https://cert.vde.com/en-us/advisories/vde-2021-006 https://kb.hilscher.com/display/ISMS/2020-12-03+Denial+of+Service+vulnerability+in+PROFINET+IO+Device • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2020-12525 – WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component
https://notcve.org/view.php?id=CVE-2020-12525
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. El componente fdtCONTAINER de M&M Software en versiones por debajo de 3.5.20304.x y entre 3.6 y 3.6.20304.x, es vulnerable a una deserialización de datos que no son de confianza en el almacenamiento de su proyecto • https://cert.vde.com/en-us/advisories/vde-2020-038 https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-12511 – Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-12511
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en la interfaz web Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 0CVE-2020-12513 – Pepper+Fuchs Comtrol IO-Link Master OS Command Injection
https://notcve.org/view.php?id=CVE-2020-12513
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a una inyección de comandos de Sistema Operativo ciega autenticada Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.6EPSS: 0%CPEs: 24EXPL: 0CVE-2020-12514 – Pepper+Fuchs Comtrol IO-Link Master NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2020-12514
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a una desreferencia del puntero NULL que conduce a una DoS en discoveryd Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-476: NULL Pointer Dereference •