VDE-2022-001
Mai 14, 2025, 3:00 nachm.
The user management of the FL SWITCH 2xxx family of devices implements access rights based on roles and permission groups. An unprivileged user logged in via the SSH CLI is …
VDE-2021-044
Mai 14, 2025, 3:00 nachm.
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
VDE-2021-059
Mai 22, 2025, 3:03 nachm.
The TCP/IP stack and of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities. Nucleus NET is utilized by BLUEMARK X1 / LED / CLED. …
VDE-2021-060
Mai 22, 2025, 3:03 nachm.
Apache Log4j is used for logging events in WAGO Smart Script in Version 4.2 and higher. Events logged by Log4j can contain JNDI references. An attacker who can control log …
VDE-2021-058
Mai 14, 2025, 3:00 nachm.
An issue was discovered in the myREX24 and myREX24-virtual software in all versions through V2.9.0.
VDE-2021-006
Mai 14, 2025, 3:00 nachm.
Critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH. The impact of the vulnerability on the affected device is that it …
VDE-2021-056
Mai 22, 2025, 3:03 nachm.
Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLCs. All vulnerable PLCs are listed in chapter 'Affected Products'. https://www.codesys.com/security/security-reports.html
VDE-2021-049
Mai 22, 2025, 3:03 nachm.
A Denial-of-Service Vulnerability was reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC's. All vulnerable PLCs are listed in chapter 'Affected Products'.