Vulnerabilities > Weidmueller > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-12-14 | CVE-2022-3073 | Cross-site Scripting vulnerability in Weidmueller products | Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. | network | low complexity | weidmueller | CWE-79 | 6.1 |
| 2021-06-25 | CVE-2021-33529 | Use of Hard-coded Credentials vulnerability in Weidmueller products | In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | network | low complexity | weidmueller | CWE-798 | 5.0 |
| 2021-06-25 | CVE-2021-33535 | Use of Externally-Controlled Format String vulnerability in Weidmueller products | In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. | network | low complexity | weidmueller | CWE-134 | 6.5 |
| 2021-06-25 | CVE-2021-33536 | Integer Underflow (Wrap or Wraparound) vulnerability in Weidmueller products | In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. | network | low complexity | weidmueller | CWE-191 | 5.0 |
| 2021-06-25 | CVE-2021-33537 | Classic Buffer Overflow vulnerability in Weidmueller products | In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. | network | low complexity | weidmueller | CWE-120 | 6.5 |
| 2021-06-25 | CVE-2021-33539 | Improper Authentication vulnerability in Weidmueller products | In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. | network | low complexity | weidmueller | CWE-287 | 6.5 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products | M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | | | | | 6.8 |
| 2019-12-06 | CVE-2019-16674 | Cleartext Transmission of Sensitive Information vulnerability in Weidmueller products | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. | network | low complexity | weidmueller | CWE-319 | 5.0 |
| 2019-12-06 | CVE-2019-16673 | Insufficiently Protected Credentials vulnerability in Weidmueller products | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. | network | low complexity | weidmueller | CWE-522 | 4.0 |
| 2019-12-06 | CVE-2019-16672 | Insufficiently Protected Credentials vulnerability in Weidmueller products | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. | network | low complexity | weidmueller | CWE-522 | 5.0 |