Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2026-057
May 26, 2026, 12:00 PM
The CmpWebServer component in the CODESYS Control Runtime allows users to create browser-based visualizations for monitoring and controlling industrial processes. Due to improper bounds checking, a specially crafted HTTP request …
VDE-2026-055
May 26, 2026, 12:00 PM
Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. …
VDE-2026-053
May 26, 2026, 12:00 PM
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
VDE-2026-009
May 26, 2026, 9:00 AM
A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the …
VDE-2026-052
May 21, 2026, 12:00 PM
A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations …
VDE-2026-042
May 12, 2026, 9:00 AM
CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server …
VDE-2026-005
May 6, 2026, 10:00 AM
The firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
VDE-2026-046
May 4, 2026, 11:00 AM
Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed …