Max CVSS 10.0 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-16672 5.0
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.
01-04-2022 - 15:48 06-12-2019 - 18:15
CVE-2019-16674 5.0
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compr
21-07-2021 - 11:39 06-12-2019 - 18:15
CVE-2018-12981 3.5
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injec
20-05-2021 - 20:09 12-07-2018 - 18:29
CVE-2018-12979 5.5
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.
20-05-2021 - 20:09 12-07-2018 - 18:29
CVE-2018-12980 6.5
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
20-05-2021 - 20:09 12-07-2018 - 18:29
CVE-2019-19885 6.4
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP70
26-10-2020 - 20:33 16-10-2020 - 13:15
CVE-2019-20481 5.0
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
24-08-2020 - 17:37 24-02-2020 - 15:15
CVE-2020-12499 4.4
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
05-08-2020 - 14:35 21-07-2020 - 15:15
CVE-2020-9464 7.8
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting.
16-03-2020 - 16:43 12-03-2020 - 14:15
CVE-2020-9436 9.0
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17
16-03-2020 - 15:52 12-03-2020 - 14:15
CVE-2020-9435 5.0
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17
16-03-2020 - 15:47 12-03-2020 - 14:15
CVE-2019-20480 6.8
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
28-02-2020 - 01:09 24-02-2020 - 15:15
CVE-2019-16671 6.8
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Res
12-12-2019 - 18:54 06-12-2019 - 18:15
CVE-2019-16670 7.5
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
12-12-2019 - 18:42 06-12-2019 - 18:15
CVE-2019-16673 4.0
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.
10-12-2019 - 15:19 06-12-2019 - 18:15
CVE-2019-12871 6.8
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get
27-06-2019 - 16:33 24-06-2019 - 15:15
CVE-2019-12869 6.8
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execut
27-06-2019 - 16:27 24-06-2019 - 16:15
CVE-2019-12870 6.8
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker need
27-06-2019 - 16:26 24-06-2019 - 16:15
CVE-2019-12549 10.0
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
19-06-2019 - 17:51 17-06-2019 - 17:15
CVE-2019-12550 10.0
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
19-06-2019 - 17:11 17-06-2019 - 17:15
CVE-2018-16059 5.0
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
21-03-2019 - 16:00 07-09-2018 - 22:29
Back to Top Mark selected
Back to Top