Advisories | CERT@VDE

2024-05-14 08:00 VDE-2024-019

PHOENIX CONTACT: Multiple vulnerabilities in the Firmware of CHARX SEC charge controllers

Multiple vulnerabilities have been discovered in the Firmware of CHARX SEC charge controllers.

more ...

CVE-2024-28133: 7.8

CVE-2024-28136: 7.8

CVE-2024-28137: 7.8

CVE-2024-28134: 7.0

CVE-2024-28135: 4.3

2024-05-06 08:00 VDE-2024-024

CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files

Local attackers can cause affected CODESYS Development System V2.3 installations to crash or execute code by opening malicious project files.

The CODESYS Development System V2.3 is an IEC 61131-3 programming tool for the industrial controller and automation technology sector. It stores the program code for the controller and its configuration in project files (*.pro).

more ...

CVE-2023-49675: 7.8

CWE-2023-49676: 5.5

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (9)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (7)

HIMA (2)

ifm (1)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (26)

PHOENIX CONTACT (81)

Pilz (13)

Red Lion Europe (2)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (55)

Weidmueller (10)

Welotec (2)

Wiesemann & Theis (3)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0

PHOENIX CONTACT: Multiple vulnerabilities in the Firmware of CHARX SEC charge controllers

CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files

Feeds

By Vendor

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Legend