VDE-2026-012
March 10, 2026, 11:00 AM
The CODESYS Installer is affected by a privilege escalation vulnerability. Due to a race condition, a local attacker with limited privileges can replace the verified downloaded setup before execution. Because …
VDE-2025-079
March 10, 2026, 8:00 AM
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
VDE-2025-096
March 10, 2026, 8:00 AM
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
VDE-2026-001
March 4, 2026, 8:00 AM
LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
VDE-2026-002
March 2, 2026, 8:00 AM
A vulnerability has been identified in WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the solutions by Endress+Hauser.
VDE-2025-108
Feb. 26, 2026, 9:00 AM
Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled …
VDE-2026-007
Feb. 23, 2026, 9:00 AM
The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.
VDE-2026-0001
Feb. 18, 2026, 8:00 AM
The Bluetooth Classic implementation on JBL Flip 4 devices with firmware version prior to 4.1.0 does not properly handle malformed LMP messages and causes the entire device to crash. Any …