An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.

A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.

A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.

A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.

An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability.