Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2022-052
Nov. 21, 2022, 10:00 vorm.

Miele: Vulnerability in ease2pay cloud service used by appWash

Up until October 5th, 2022 the ease2pay API used by Miele's "AppWash" MobileApp was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain …
CVE-2022-3589
VDE-2022-051
Mai 22, 2025, 3:03 nachm.

PHOENIX CONTACT: Denial-of-Service vulnerability in mGuard product family

A denial of service of the HTTPS management interface of PHOENIX CONTACT FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections originating …
CVE-2022-3480
VDE-2022-048
Mai 14, 2025, 3:00 nachm.

PHOENIX CONTACT: Automationworx BCP File Parsing Vulnerabilities

Manipulated PC Worx or Config+ files could lead to a heap buffer overflow, release of unallocated memory or a read access violation due to insufficient validation of input data.The attacker …
CVE-2022-3737
CVE-2022-3461
VDE-2022-046
Mai 22, 2025, 3:03 nachm.

PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware

UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control …
CVE-2022-32207
CVE-2022-25315
CVE-2022-25236
CVE-2022-25235
CVE-2022-0547
CVE-2022-0729
CVE-2022-24407
CVE-2022-28391
CVE-2022-27778
CVE-2022-22576
CVE-2022-2257
CVE-2022-2206
CVE-2022-2264
CVE-2022-2288
CVE-2022-2289
CVE-2022-2286
CVE-2022-2284
CVE-2022-2285
CVE-2022-2345
CVE-2022-2344
CVE-2022-2210
CVE-2022-2207
CVE-2022-2343
CVE-2022-2183
CVE-2022-2182
CVE-2022-2175
CVE-2022-2129
CVE-2022-1942
CVE-2022-1927
CVE-2021-3973
CVE-2022-0368
CVE-2022-0361
CVE-2022-0685
CVE-2022-0572
CVE-2022-1160
CVE-2022-0943
CVE-2022-1154
CVE-2022-1720
CVE-2022-1898
CVE-2022-1851
CVE-2022-1886
CVE-2022-1785
CVE-2022-1769
CVE-2022-1735
CVE-2022-1629
CVE-2022-1619
CVE-2022-1616
CVE-2022-1621
CVE-2022-1796
CVE-2022-1733
CVE-2022-1381
CVE-2022-0778
CVE-2022-29864
CVE-2022-29862
CVE-2019-19906
CVE-2022-27775
CVE-2022-27781
CVE-2022-27780
CVE-2022-25314
CVE-2022-27782
CVE-2018-25032
CVE-2022-1620
CVE-2022-23308
CVE-2021-3796
CVE-2022-2287
CVE-2021-4166
CVE-2021-45117
CVE-2022-32206
CVE-2022-27776
CVE-2022-25313
CVE-2022-29824
CVE-2022-32208
CVE-2022-27774
CVE-2022-2231
CVE-2022-2208
CVE-2022-0714
CVE-2022-0696
CVE-2022-1771
CVE-2022-1674
CVE-2022-1420
CVE-2022-27779
CVE-2022-32205
CVE-2022-30115
VDE-2022-043
Nov. 7, 2022, 1:14 nachm.

Wiesemann & Theis: Multiple Vulnerabilities in the Com-Server Family

Multiple Wiesemann & Theis product families are affected by multiple vulnerabilities in the web interface.
CVE-2022-42787
CVE-2022-42785
CVE-2022-42786
VDE-2022-049
Mai 22, 2025, 3:03 nachm.

TRUMPF: Multiple products prone to X.Org server vulnerabilities

TruControl laser control software from versions 1.60.0 to 3.40.0 use a vulnerable X.Org server versions. The affected X.Org vulnerability is not validating the request length properly for the handler 'ProcXkbSetGeometry'. …
CVE-2022-2320
CVE-2022-2319
VDE-2022-023
Okt. 17, 2022, 12:00 nachm.

TRUMPF TruTops prone to improper access control

During the installation of specific TRUMPF Windows applications, privileged local users with default usernames and passwords are created. An adversary could use these users to access and compromise the affected …
CVE-2022-2052
VDE-2022-040
Sept. 22, 2023, 2:39 nachm.

WAGO: Multiple Vulnerabilities in Controller with WAGO I/O-Pro / CODESYS 2.3 Runtime

UPDATE A: Solution has updated release datesUPDATE B: Solution has updated release datesThis Advisory is published with reference to: CODESYS Advisory 2022-11 (Security update for CODESYS Control V2) CODESYS Advisory …
CVE-2022-31802
CVE-2022-31806
CVE-2022-32137
CVE-2022-32138
CVE-2022-32143
CVE-2022-1965
CVE-2022-32142
CVE-2022-31804
CVE-2022-31805
CVE-2022-32136
CVE-2022-32139
CVE-2022-32140
CVE-2022-32141
CVE-2022-31803