关键漏洞信息 WAGO: Multiple Vulnerabilities in CODESYS components - 日期: Nov. 3, 2025 - 详情: Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server. - CVE: CVE-2025-1468, CVE-2025-0694, CVE-2025-2595 Sauter: Multiple vulnerabilities in SAUTER modulo 6 - 日期: Oct. 27, 2025 - 详情: Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite. - CVE: CVE-2025-41720, CVE-2025-41721, CVE-2025-41722, CVE-2025-41723, CVE-2025-41724, CVE-2025-41725 Pilz: Vulnerability affecting PASvisu Runtime - 日期: Oct. 20, 2025 - 详情: The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request. - CVE: CVE-2025-51495 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers - 日期: Oct. 15, 2025 - 详情: A vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered. - CVE: CVE-2025-41699 Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro - 日期: Oct. 14, 2025 - 详情: The embedded web interface of the MURRELEKTRONIK IMPACT67 Pro PN DIO8 IOL8 transmits login credentials over unencrypted HTTP using a GET request. The device does not offer HTTPS/TLS support. - CVE: CVE-2025-41718 Phoenix Contact: Security Advisory for QUINT4-UPS EIP - 日期: Oct. 14, 2025 - 详情: Multiple vulnerabilities were discovered in the firmware of QUINT4-UPS EIP devices that can be used by an unauthenticated remote attacker to perform Denial of Service attacks and to gather login credentials. - CVE: CVE-2025-41703, CVE-2025-41704, CVE-2025-41705, CVE-2025-41706, CVE-2025-41707 WAGO: Vulnerabilities in Device Sphere and Solution Builder - 日期: Sept. 24, 2025 - 详情: Due to a missing authentication check, the WAGO Solution Builder and the WAGO Device Sphere are vulnerable to a potential information exposure. - CVE: CVE-2025-41715, CVE-2025-41716 WAGO: Vulnerability in hardware switch circuit - 日期: Sept. 15, 2025 - 详情: The vulnerability in the Ethernet switch circuit is caused by a PullUp resistor at the reset input, leading to premature activation and undefined operation. - CVE: CVE-2025-41713