VDE-2025-026
May 14, 2025, 3:00 PM

Sending too much data in the service telegram of AUMA actuators leads to a buffer overflow in the actuator controls. Depending on the actuator, the service telegram is transmitted either …

VDE-2025-032
May 6, 2025, 12:00 PM

Multiple W&T products are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via crafted payloads injected into several input fields of the …

VDE-2025-031
April 28, 2025, 12:00 PM

Wiesemann & Theis: Multiple products from Wiesemann & Theis support deprecated TLS protocol versions

Com-Server firmware versions prior to 1.60 support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks and thereby compromise the confidentiality and integrity of data.

VDE-2025-027
April 23, 2025, 12:00 PM

An unauthenticated attacker can read static visualization files of the CODESYS WebVisu by using forced browsing to bypass the CODESYS Visualization user management.

VDE-2024-004
May 22, 2025, 3:03 PM

The versions of TRUMPF products stated below include a version of log4net that is prone to XXE (XML External Entity) attacks under certain circumstances. This means the log4net code can …

VDE-2025-007
April 15, 2025, 12:00 PM

The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the …

VDE-2025-033
April 14, 2025, 12:00 PM

The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.

VDE-2025-022
June 5, 2025, 3:31 PM

The OPC UA security policy Basic128Rsa15 is vulnerable to attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is …