Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-037
June 24, 2025, 12:00 p.m.
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.
VDE-2025-035
June 24, 2025, 12:00 p.m.
Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration and password bypass.
VDE-2025-034
June 24, 2025, 12:00 p.m.
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.
VDE-2025-057
July 7, 2025, 8:15 a.m.
During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.
VDE-2025-018
Oct. 7, 2025, 10:00 a.m.
Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access …
VDE-2025-040
June 16, 2025, 12:00 p.m.
The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands …
VDE-2025-052
July 23, 2025, 12:00 p.m.
Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities (CVE-2025-41661, CVE-2025-41663, CVE-2025-41683, CVE-2025-41684, CVE-2025-41687). Weidmueller has released new firmware versions of the affected products to fix the vulnerabilities. **Update Version …
VDE-2025-047
June 10, 2025, 12:00 p.m.
For actuators with AC.2 controls and PROFOX actuators, a wrong configuration occurred for deliveries within the period from 01.01.2024 to 09.05.2025. Despite the ordered option "L90.00 = Bluetooth always deactivated", …