Filtered by vendor Pepperl-fuchs
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6422 | 1 Pepperl-fuchs | 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more | 2024-11-21 | 9.8 Critical |
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | ||||
CVE-2024-6421 | 1 Pepperl-fuchs | 8 Oit1500-f113-b12-cb, Oit1500-f113-b12-cb Firmware, Oit200-f113-b12-cb and 5 more | 2024-11-21 | 7.5 High |
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. | ||||
CVE-2021-34565 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 9.8 Critical |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | ||||
CVE-2021-34564 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 5.5 Medium |
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. | ||||
CVE-2021-34563 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 3.3 Low |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. | ||||
CVE-2021-34562 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 5.4 Medium |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. | ||||
CVE-2021-34561 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 7.5 High |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser. | ||||
CVE-2021-34560 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 5.5 Medium |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. | ||||
CVE-2021-34559 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 5.4 Medium |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | ||||
CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 7.5 High |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | ||||
CVE-2021-20988 | 2 Hilscher, Pepperl-fuchs | 17 Rcx Rtos, Ice1-16di-g60l-v1d, Ice1-16di-g60l-v1d Firmware and 14 more | 2024-11-21 | 8.6 High |
In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. | ||||
CVE-2021-20987 | 2 Hilscher, Pepperl-fuchs | 23 Ethernet\/ip Adapter, Ethernet\/ip Adapter Firmware, Pcv100-f200-b25-v1d-6011 and 20 more | 2024-11-21 | 8.6 High |
A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. | ||||
CVE-2021-20986 | 2 Hilscher, Pepperl-fuchs | 73 Profinet Io Device, Profinet Io Device Firmware, Ohv-f230-b17 and 70 more | 2024-11-21 | 7.5 High |
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. | ||||
CVE-2020-12525 | 4 Emerson, Pepperl-fuchs, Wago and 1 more | 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more | 2024-11-21 | 7.3 High |
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | ||||
CVE-2020-12514 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-11-21 | 6.6 Medium |
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd | ||||
CVE-2020-12513 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-11-21 | 7.5 High |
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | ||||
CVE-2020-12512 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-11-21 | 7.5 High |
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting | ||||
CVE-2020-12511 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-11-21 | 8.8 High |
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | ||||
CVE-2020-12504 | 3 Korenix, Pepperl-fuchs, Westermo | 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more | 2024-11-21 | 9.8 Critical |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | ||||
CVE-2020-12503 | 2 Korenix, Pepperl-fuchs | 56 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 53 more | 2024-11-21 | 7.2 High |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. |