CVE-2026-41032 | THREATINT

Description

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

PUBLISHED Reserved 2026-04-16 | Published 2026-06-03 | Updated 2026-06-03 | Assigner CERTVDE

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

1.0.0 (custom) before 1.9.0

affected

Default status

unaffected

1.0.0 (custom) before 1.9.0

affected

Default status

unaffected

1.0.0 (custom) before 1.9.0

affected

Default status

unaffected

1.0.0 (custom) before 1.9.0

affected

Credits

Piotr Ptaszek, Mateusz Wójcik from ZDI reporter

References

phoenixcontact.csaf-tp.certvde.com/...2026/vde-2026-060.json vendor-advisory

certvde.com/de/advisories/VDE-2026-060/ vendor-advisory

cve.org (CVE-2026-41032)

nvd.nist.gov (CVE-2026-41032)

Download JSON

help @ threatint.eu