CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-41655 – PEPPERL+FUCHS: Attacker can cause a DoS via URL
https://notcve.org/view.php?id=CVE-2025-41655
26 May 2025 — An unauthenticated remote attacker can access a URL which causes the device to reboot. Un atacante remoto no autenticado puede acceder a una URL que provoca que el dispositivo se reinicie. • https://certvde.com/en/advisories/VDE-2025-011 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-41654 – PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol
https://notcve.org/view.php?id=CVE-2025-41654
26 May 2025 — An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog. Un atacante remoto no autenticado puede acceder a información sobre los procesos en ejecución mediante el protocolo SNMP. La cantidad de datos devueltos puede provocar un reinicio del sistema por parte del watchdog. • https://cert.vde.com/en/advisories/VDE-2025-011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1985 – PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-1985
26 May 2025 — Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device. Debido a la neutralización incorrecta de la entrada durante la generación de páginas web (XSS), un atacante remoto no autenticado puede inyectar código HTML en la interfaz de usuario web del dispositivo afectado. • https://cert.vde.com/en/advisories/VDE-2025-011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •