Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-032
May 6, 2025, 12:00 PM
Multiple W&T products are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via crafted payloads injected into several input fields of the …
VDE-2025-031
April 28, 2025, 12:00 PM
Com-Server firmware versions prior to 1.60 support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks and thereby compromise the confidentiality and integrity of data.
VDE-2025-027
April 23, 2025, 12:00 PM
An unauthenticated attacker can read static visualization files of the CODESYS WebVisu by bypassing the CODESYS Visualization user management through forced browsing.
VDE-2024-004
May 22, 2025, 3:03 PM
The versions of TRUMPF products stated below include a version of log4net that is prone to XXE (XML External Entity) attacks under certain circumstances. This means the log4net code can …
VDE-2025-007
April 15, 2025, 12:00 PM
The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the …
VDE-2025-033
April 14, 2025, 12:00 PM
The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.
VDE-2025-022
June 5, 2025, 3:31 PM
The OPC UA security policy Basic128Rsa15 is vulnerable to attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is …
VDE-2024-031
May 14, 2025, 3:00 PM
The data24 service that is bundled with every installation of myREX24 V2/myREX24.virtual has two serious flaws in core components. These combined can lead to a complete loss of confidentiality, integrity …