Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2024-003
Mai 22, 2025, 3:03 nachm.

TRUMPF: Multiple products include a vulnerable version of Notepad++

The TRUMPF products that are listed above contain a vulnerable version of Notepad++. This version isbeing installed for support purposes only, so there is no danger of triggering this vulnerability …
CVE-2023-40031
CVE-2023-40036
CVE-2023-40164
CVE-2023-40166
VDE-2019-018
Mai 22, 2025, 3:03 nachm.

Weidmueller: multiple vulnerabilities in various Industrial Ethernet managed switches

Multiple issues have been found. Please check the CVEs for details.
CVE-2019-16671
CVE-2019-16672
CVE-2019-16670
CVE-2019-16674
CVE-2019-16673
VDE-2021-060
Mai 22, 2025, 3:03 nachm.

WAGO: Smart Script affected by Log4Shell Vulnerability

Apache Log4j is used for logging events in WAGO Smart Script in Version 4.2 and higher. Events logged by Log4j can contain JNDI references. An attacker who can control log …
CVE-2021-44228
CVE-2021-45046
CVE-2021-44832
CVE-2021-45105
VDE-2021-041
Mai 22, 2025, 3:03 nachm.

Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability

Critical vulnerabilities have been discovered in the utilized component log4net by Apache Software Foundation. UPDATE A: Remediation: added fixed VisuNet Products
CVE-2018-1285
VDE-2020-001
Mai 22, 2025, 3:03 nachm.

PHOENIX CONTACT: Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file

Phoenix Contact Emalytics Controller ILC 2050 BI are developed and designed for the use in protected building automation networks.An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI …
CVE-2020-8768
VDE-2025-002
Mai 22, 2025, 3:03 nachm.

PEPPERL+FUCHS: HMI – devices are affected by Windows RCE

An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
CVE-2024-38063
VDE-2022-046
Mai 22, 2025, 3:03 nachm.

PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware

UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control …
CVE-2022-32207
CVE-2022-25315
CVE-2022-25236
CVE-2022-25235
CVE-2022-0547
CVE-2022-0729
CVE-2022-24407
CVE-2022-28391
CVE-2022-27778
CVE-2022-22576
CVE-2022-2257
CVE-2022-2206
CVE-2022-2264
CVE-2022-2288
CVE-2022-2289
CVE-2022-2286
CVE-2022-2284
CVE-2022-2285
CVE-2022-2345
CVE-2022-2344
CVE-2022-2210
CVE-2022-2207
CVE-2022-2343
CVE-2022-2183
CVE-2022-2182
CVE-2022-2175
CVE-2022-2129
CVE-2022-1942
CVE-2022-1927
CVE-2021-3973
CVE-2022-0368
CVE-2022-0361
CVE-2022-0685
CVE-2022-0572
CVE-2022-1160
CVE-2022-0943
CVE-2022-1154
CVE-2022-1720
CVE-2022-1898
CVE-2022-1851
CVE-2022-1886
CVE-2022-1785
CVE-2022-1769
CVE-2022-1735
CVE-2022-1629
CVE-2022-1619
CVE-2022-1616
CVE-2022-1621
CVE-2022-1796
CVE-2022-1733
CVE-2022-1381
CVE-2022-0778
CVE-2022-29864
CVE-2022-29862
CVE-2019-19906
CVE-2022-27775
CVE-2022-27781
CVE-2022-27780
CVE-2022-25314
CVE-2022-27782
CVE-2018-25032
CVE-2022-1620
CVE-2022-23308
CVE-2021-3796
CVE-2022-2287
CVE-2021-4166
CVE-2021-45117
CVE-2022-32206
CVE-2022-27776
CVE-2022-25313
CVE-2022-29824
CVE-2022-32208
CVE-2022-27774
CVE-2022-2231
CVE-2022-2208
CVE-2022-0714
CVE-2022-0696
CVE-2022-1771
CVE-2022-1674
CVE-2022-1420
CVE-2022-27779
CVE-2022-32205
CVE-2022-30115
VDE-2024-045
Mai 22, 2025, 3:03 nachm.

Beckhoff: Local authentication bypass in IPC-Diagnostics package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or …
CVE-2024-41173