Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-097
Nov. 18, 2025, 1:00 p.m.
A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, …
VDE-2025-086
Nov. 10, 2025, 12:00 p.m.
A vulnerability was identified in the variTRON password generation algorithm of the debug-interface. The PRNG is initialized with the current Unix Timestamp, thus the resulting password is predictable. With the …
VDE-2025-062
Nov. 3, 2025, 12:00 p.m.
Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.
VDE-2025-060
Oct. 21, 2025, 12:00 p.m.
Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite …
VDE-2025-093
Oct. 20, 2025, 12:00 p.m.
The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request.
VDE-2025-074
Oct. 15, 2025, 12:00 p.m.
A vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.
VDE-2025-091
Oct. 14, 2025, 12:00 p.m.
The embedded web interface of the MURRELEKTRONIK IMPACT67 Pro PN DIO8 IOL8 transmits login credentials over unencrypted HTTP using a GET request. The device does not offer HTTPS/TLS support, exposing …
VDE-2025-072
Oct. 14, 2025, 8:00 a.m.
Multiple vulnerabilities were discovered in the firmware of QUINT4-UPS EIP devices that can be used by an unauthenticated remote attacker to perform Denial of Service attacks and to gather login …