Vulnerabilities > Pepperl Fuchs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38502 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. | 7.1 |
| 2024-08-13 | CVE-2024-5849 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | 7.1 |
| 2024-07-10 | CVE-2024-6421 | Unspecified vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. | 7.5 |
| 2021-08-31 | CVE-2021-34561 | Reliance on Reverse DNS Resolution for a Security-Critical Action vulnerability in Pepperl-Fuchs products In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. | 8.8 |
| 2021-02-16 | CVE-2021-20987 | Out-of-bounds Write vulnerability in multiple products A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. | 7.8 |
| 2020-10-15 | CVE-2020-12504 | Hidden Functionality vulnerability in multiple products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | 7.5 |
| 2020-10-15 | CVE-2020-12500 | Missing Authentication for Critical Function vulnerability in Pepperl-Fuchs products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. | 7.5 |