Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2018-009
Okt. 23, 2018, 12:00 nachm.

Pepperl+Fuchs: Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices

Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack …
CVE-2017-5715
CVE-2017-5754
CVE-2017-5753
VDE-2018-008
Juli 6, 2018, 3:37 nachm.

Pepperl+Fuchs: Remote Code Execution Vulnerability in HMI Devices

A remote code execution vulnerability in the Microsoft's Credential Security Support Provider protocol (CredSSP) was identified by security researchers. If exploited successfully, it is possible to relay user credentials for …
CVE-2018-0886
VDE-2018-006
Mai 14, 2025, 3:00 nachm.

Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 has a Stack-based Buffer Overflow

An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and …
CVE-2018-10728
VDE-2018-007
Mai 22, 2025, 3:03 nachm.

Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file

An attacker may exploit a 'long cookie' related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable …
CVE-2018-10731
VDE-2018-005
Mai 16, 2018, 7:35 vorm.

Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Information Exposure

Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Clever manipulation of a web login request can expose the contents of …
CVE-2018-10729
VDE-2018-004
Mai 14, 2025, 2:28 nachm.

Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection

An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are …
CVE-2018-10730
VDE-2018-003
Mai 14, 2025, 3:00 nachm.

PHOENIX CONTACT: addressing Meltdown and Spectre vulnerabilities

Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems. …
CVE-2017-5715
CVE-2017-5754
CVE-2017-5753
VDE-2018-002
Mai 14, 2025, 2:28 nachm.

Pepperl+Fuchs: HMI devices vulnerable to Meltdown and Spectre Attacks

Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack …
CVE-2017-5715
CVE-2017-5754
CVE-2017-5753