Pepperl+Fuchs
Products
14- 8 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
22| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12513 | 0.01 | — | 0.31 | Jan 22, 2021 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | |||
| CVE-2020-12503 | 0.01 | — | 0.23 | Oct 15, 2020 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3… | |||
| CVE-2024-38502 | 0.00 | — | 0.00 | Aug 13, 2024 | An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. | |||
| CVE-2024-38501 | 0.00 | — | 0.00 | Aug 13, 2024 | An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | |||
| CVE-2024-5849 | 0.00 | — | 0.00 | Aug 13, 2024 | An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | |||
| CVE-2024-6422 | 0.00 | — | 0.01 | Jul 10, 2024 | An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. | |||
| CVE-2024-6421 | 0.00 | — | 0.01 | Jul 10, 2024 | An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. | |||
| CVE-2021-34565 | 0.00 | — | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. | |||
| CVE-2021-34564 | 0.00 | — | 0.00 | Aug 31, 2021 | Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. | |||
| CVE-2021-34563 | 0.00 | — | 0.00 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. | |||
| CVE-2021-34562 | 0.00 | — | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. | |||
| CVE-2021-34561 | 0.00 | — | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying… | |||
| CVE-2021-34560 | 0.00 | — | 0.00 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. | |||
| CVE-2021-34559 | 0.00 | — | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. | |||
| CVE-2021-33555 | 0.00 | — | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | |||
| CVE-2021-20988 | 0.00 | — | 0.01 | May 13, 2021 | In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. | |||
| CVE-2020-12525 | 0.00 | — | 0.01 | Jan 22, 2021 | M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | |||
| CVE-2020-12512 | 0.00 | — | 0.01 | Jan 22, 2021 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting | |||
| CVE-2020-12504 | 0.00 | — | 0.03 | Oct 15, 2020 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3… | |||
| CVE-2020-12502 | 0.00 | — | 0.01 | Oct 15, 2020 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3… |
- CVE-2020-12513Jan 22, 2021risk 0.01cvss —epss 0.31
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
- CVE-2020-12503Oct 15, 2020risk 0.01cvss —epss 0.23
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…
- CVE-2024-38502Aug 13, 2024risk 0.00cvss —epss 0.00
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
- CVE-2024-38501Aug 13, 2024risk 0.00cvss —epss 0.00
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
- CVE-2024-5849Aug 13, 2024risk 0.00cvss —epss 0.00
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
- CVE-2024-6422Jul 10, 2024risk 0.00cvss —epss 0.01
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
- CVE-2024-6421Jul 10, 2024risk 0.00cvss —epss 0.01
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.
- CVE-2021-34565Aug 31, 2021risk 0.00cvss —epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
- CVE-2021-34564Aug 31, 2021risk 0.00cvss —epss 0.00
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
- CVE-2021-34563Aug 31, 2021risk 0.00cvss —epss 0.00
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
- CVE-2021-34562Aug 31, 2021risk 0.00cvss —epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
- CVE-2021-34561Aug 31, 2021risk 0.00cvss —epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying…
- CVE-2021-34560Aug 31, 2021risk 0.00cvss —epss 0.00
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
- CVE-2021-34559Aug 31, 2021risk 0.00cvss —epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
- CVE-2021-33555Aug 31, 2021risk 0.00cvss —epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
- CVE-2021-20988May 13, 2021risk 0.00cvss —epss 0.01
In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.
- CVE-2020-12525Jan 22, 2021risk 0.00cvss —epss 0.01
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
- CVE-2020-12512Jan 22, 2021risk 0.00cvss —epss 0.01
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
- CVE-2020-12504Oct 15, 2020risk 0.00cvss —epss 0.03
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…
- CVE-2020-12502Oct 15, 2020risk 0.00cvss —epss 0.01
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…