Search Results (364787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-34600 1 Telenot 1 Compasx 2024-11-21 5.5 Medium
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.
CVE-2021-34599 1 Codesys 2 Development System, Git 2024-11-21 7.4 High
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.
CVE-2021-34598 1 Phoenixcontact 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more 2024-11-21 7.5 High
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active
CVE-2021-34597 1 Phoenixcontact 2 Pc Worx, Pc Worx Express 2024-11-21 7.8 High
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
CVE-2021-34594 1 Beckhoff 4 Tf6100, Tf6100 Firmware, Ts6100 and 1 more 2024-11-21 6.5 Medium
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.
CVE-2021-34592 1 Bender 4 Cc612, Cc612 Firmware, Cc613 and 1 more 2024-11-21 8.8 High
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
CVE-2021-34591 1 Bender 4 Cc612, Cc612 Firmware, Cc613 and 1 more 2024-11-21 7.8 High
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
CVE-2021-34590 1 Bender 4 Cc612, Cc612 Firmware, Cc613 and 1 more 2024-11-21 5.4 Medium
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
CVE-2021-34589 1 Bender 9 Cc612, Cc612 Firmware, Cc613 and 6 more 2024-11-21 7.5 High
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
CVE-2021-34588 1 Bender 4 Cc612, Cc612 Firmware, Cc613 and 1 more 2024-11-21 8.6 High
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
CVE-2021-34587 2 Bender, Ibm 9 Cc612, Cc612 Firmware, Cc613 and 6 more 2024-11-21 5.3 Medium
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
CVE-2021-34582 1 Phoenixcontact 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more 2024-11-21 4.8 Medium
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.
CVE-2021-34581 1 Wago 18 750-831, 750-831\/000-002, 750-831\/000-002 Firmware and 15 more 2024-11-21 7.5 High
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
CVE-2021-34580 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 7.5 High
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
CVE-2021-34578 1 Wago 24 750-362, 750-362 Firmware, 750-363 and 21 more 2024-11-21 9.8 Critical
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
CVE-2021-34576 1 Kadenvodomery 2 Picoflux Air, Picoflux Air Firmware 2024-11-21 4.3 Medium
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.
CVE-2021-34575 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 7.5 High
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
CVE-2021-34574 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 4.3 Medium
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
CVE-2021-34573 1 Enbra 1 Ewm 2024-11-21 6.2 Medium
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.
CVE-2021-34572 1 Enbra 1 Ewm 2024-11-21 6.5 Medium
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.