Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2022-003
June 5, 2025, 3:28 p.m.
By tricking clients of the mentioned products into contacting malicious OPC UA servers and thereby acting as OPC UA clients, a crash of the component can be provoked.
VDE-2022-002
May 22, 2025, 3:03 p.m.
A vulnerability is reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) …
VDE-2022-001
May 14, 2025, 3:00 p.m.
The user management of the FL SWITCH 2xxx family of devices implements access rights based on roles and permission groups. An unprivileged user logged in via the SSH CLI is …
VDE-2021-044
May 14, 2025, 3:00 p.m.
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
VDE-2021-059
May 22, 2025, 3:03 p.m.
The TCP/IP stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains several vulnerabilities. Nucleus NET is utilized by BLUEMARK X1 / LED / CLED. …
VDE-2021-060
May 22, 2025, 3:03 p.m.
Apache Log4j is used for logging events in WAGO Smart Script in version 4.2 and higher. Events logged by Log4j can contain JNDI references. An attacker who can control log …
VDE-2021-058
May 14, 2025, 3:00 p.m.
An issue was discovered in the myREX24 and myREX24-virtual software in all versions through V2.9.0.
VDE-2021-006
May 14, 2025, 3:00 p.m.
A critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH. The impact of the vulnerability on the affected device is that it …