A complete list of public advisories can be found here.
Exemys RME1
CVE-2022-2197 (CWE-287: Improper Authentication)
WAGO 750-36X and WAGO 750-8XX
CVE-2021-34578 (CWE-287: Improper Authentication)
Schneider Electric Enerlin'X Com’X 510
CVE-2021-22769 (CWE-269: Improper Privilege Management)
ProSoft Technology ICX35
CVE-2021-22661 (CWE-264 Permissions, Privileges, and Access Controls)
Emerson Rosemount X-STREAM
CVE-2020-27254 (CWE-297 Improper Authentication)
ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x
CVE-2020-12496 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 1.x
CVE-2020-12495 (CWE-269 Improper Privilege Management)
Bender COMTRAXX Vulnerability
CVE-2019-19885 (CWE-297 Improper Authentication)
WAGO 750-36X and 750-8XX Versions <= FW03
CVE-2020-12506 (CWE-287: Improper Authentication and Access Control)
WAGO 750-8XX Version <= FW07
CVE-2020-12505 (CWE-287: Improper Authentication and Access Control)
ABB Telephone Gateway TG/S 3.2
CVE-2019-19107 (CWE-200: Information Exposure)
CVE-2019-19106 (CWE-264: Permissions, Privileges, and Access Controls)
CVE-2019-19105 (CWE-256: Unprotected Storage of Credentials)
CVE-2019-19104 (CWE-287: Improper Authentication and Access Control)
Siemens OZW Web Server
CVE-2019-13941 (CWE-552: Files or Directories Accessible to External Parties)
Siemens SCALANCE X Switches
CVE-2019-13933 (CWE-306: Missing Authentication for Critical Function)
ABB PVI-AEC-EVO Data Logger
Weak Session Management in Data Logger Web Server
Honeywell IP-AK2
CVE-2019-13525 (CWE-306: Missing Authentication for Critical Function)
ABB UNO-DM (multiple devices)
CWE-287: Improper Authentication and Access Control
TECSON/GOK (multiple devices)
CVE-2019-12254 (CWE-287: Improper Authentication and Access Control)
MIELE XGW 3000 ZigBee Gateway
CVE-2019-20481 (CWE-285: Improper Authorization)
CVE-2019-20480 (CWE-352: Cross-Site Request Forgery)
PHOENIX CONTACT FL NAT SMx
CVE-2019-9744 (CWE-284: Improper Access Control)
PHOENIX CONTACT RAD-80211-XD(/HP-BUS)
CVE-2019-9743 (CWE-77: Improper Neutralization of Special Elements used in a Command)
Bosch DIVAR 400 & 600 series Vulnerability
CWE-284: Improper Access Control
CWE-258: Unprotected Credentials
Bosch Access Easy Controller 2.1
CWE-287: Improper Authentication
ABB CMS-770/Busch-Jaeger
CVE-2018-17928 (CWE-287: Improper Authentication)
ABB M2M ETHERNET
CVE-2018-17926 (CWE-287: Improper Authentication)
Echelon i.LON 600
CWE-288: Authentication Bypass Using an Alternate Path or Channel
Ice Qube Thermal Management Center
CVE-2017-14026 (CWE-284: Improper Access Control)
CVE-2017-16714 (CWE-256: Unprotected Storage of Credentials)
PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH
CVE-2017-16723 (CWE-79: Improper Neutralization of Input During Web Page Generation)
ProMinent MultiFLEX M10a Controller
CVE-2017-14013 (CWE-602: Client-Side Enforcement of Server-Side Security)
CVE-2017-14007 (CWE-613: Insufficient Session Expiration)
CVE-2017-14011 (CWE-352: Cross-Site Request Forgery)
CVE-2017-14009 (CWE-200: Information Exposure)
CVE-2017-14005 (CWE-620: Unverified Password Change)
LAVA Computer MFG Inc. Ether-Serial Link
CVE-2017-14003 (CWE-290: Authentication Bypass by Spoofing)
Siemens 7KT PAC1200 Data Manager
CVE-2017-9944 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)
Ctek, Inc. SkyRouter
CVE-2017-14000 (CWE-287: Improper Authentication)