Latest CVE Feed
-
7.2
HIGHCVE-2021-33548
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33547
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33546
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33545
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33544
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33543
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-33542
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because o... Read more
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-33541
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially... Read more
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33540
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.... Read more
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33539
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local tra... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-33538
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account ... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-33537
In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer,... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33536
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-33535
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting ... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-33534
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system command... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-33533
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, ... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-33532
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system ... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-33531
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation o... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-33530
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands ... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33529
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.... Read more
Affected Products : ie-wl-bl-ap-cl-eu_firmware ie-wlt-bl-ap-cl-eu_firmware ie-wl-bl-ap-cl-us_firmware ie-wlt-bl-ap-cl-us_firmware ie-wl-vl-ap-br-cl-eu_firmware ie-wlt-vl-ap-br-cl-eu_firmware ie-wl-vl-ap-br-cl-us_firmware ie-wlt-vl-ap-br-cl-us_firmware ie-wl-bl-ap-cl-eu ie-wlt-bl-ap-cl-eu +6 more products- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024