VDE-2026-044
Mai 27, 2026, 1:00 nachm.
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
VDE-2026-054
Mai 27, 2026, 1:00 nachm.
Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
VDE-2026-059
Mai 27, 2026, 1:00 nachm.
Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
VDE-2026-058
Mai 27, 2026, 1:00 nachm.
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
VDE-2026-050
Mai 27, 2026, 12:00 nachm.
This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation …
VDE-2026-055
Mai 26, 2026, 12:00 nachm.
Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. …
VDE-2026-056
Mai 26, 2026, 12:00 nachm.
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users. Due to insufficient …
VDE-2026-057
Mai 26, 2026, 12:00 nachm.
The CmpWebServer component in the CODESYS Control Runtime allows users to create browser-based visualizations for monitoring and controlling industrial processes. Due to improper bounds checking, a specially crafted HTTP request …