Advisories | CERT@VDE

1 (current)
2

2025-07-21 12:00 VDE-2025-059

Helmholz: Multiple vulnerabilities in REX 100

Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.

weiter ...

CVE-2025-41675: 7.2

CVE-2025-41674: 7.2

CVE-2025-41673: 7.2

CVE-2025-41678: 6.5

CVE-2025-41679: 5.3

CVE-2025-41677: 4.9

CVE-2025-41676: 4.9

CVE-2025-41681: 4.8

2025-07-21 12:00 VDE-2025-058

MB connect line: Multiple vulnerabilities in mbNET.mini

Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.

weiter ...

CVE-2025-41675: 7.2

CVE-2025-41674: 7.2

CVE-2025-41673: 7.2

CVE-2025-41678: 6.5

CVE-2025-41679: 5.3

CVE-2025-41677: 4.9

CVE-2025-41676: 4.9

CVE-2025-41681: 4.8

2025-07-08 09:00 VDE-2025-054

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple vulnerabilities in the PLCnext system allowed low-privileged remote attackers to gain unauthorized access or trigger system reboots by manipulating configuration files and symbolic links. Affected services include watchdog, arp-preinit, and security-profile, potentially exposing critical system files. These issues have been resolved in firmware version 2025.0.2.

weiter ...

CVE-2025-41666: 8.8

CVE-2025-41667: 8.8

CVE-2025-41668: 8.8

CVE-2025-41665: 6.5

2025-07-08 09:00 VDE-2025-014

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.

weiter ...

CVE-2025-24003: 8.2

CVE-2025-24005: 7.8

CVE-2025-24006: 7.8

CVE-2025-24002: 5.3

CVE-2025-24004: 5.2

2025-07-08 09:00 VDE-2025-019

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.

weiter ...

CVE-2025-25270: 9.8

CVE-2025-25268: 8.8

CVE-2025-25271: 8.8

CVE-2025-25269: 8.4

2025-07-08 09:00 VDE-2025-053

Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2025.0.2

weiter ...

CVE-2024-12084: 9.8

CVE-2024-52533: 9.8

CVE-2025-0665: 9.8

CVE-2024-5535: 9.1

CVE-2024-38428: 9.1

CVE-2024-5594: 9.1

CVE-2024-6345: 8.8

CVE-2025-24965: 8.1

CVE-2018-1000156: 7.8

CVE-2019-13638: 7.8

CVE-2018-20969: 7.8

CVE-2018-1000035: 7.8

CVE-2018-6952: 7.5

CVE-2024-6232: 7.5

CVE-2024-25062: 7.5

CVE-2024-6119: 7.5

CVE-2024-12705: 7.5

CVE-2024-12085: 7.5

CVE-2024-8176: 7.5

CVE-2018-6951: 7.5

CVE-2015-7696: 6.8

CVE-2025-26465: 6.8

CVE-2024-5742: 6.7

CVE-2024-12087: 6.5

CVE-2024-10524: 6.5

CVE-2024-12088: 6.5

CVE-2024-12086: 6.1

CVE-2019-13636: 5.9

CVE-2024-50602: 5.9

CVE-2024-9681: 5.9

CVE-2025-26466: 5.9

CVE-2024-9287: 5.8

CVE-2024-12747: 5.6

CVE-2022-0529: 5.5

CVE-2019-20633: 5.5

CVE-2024-0684: 5.5

CVE-2022-0530: 5.5

CVE-2018-18384: 5.5

CVE-2024-9341: 5.4

CVE-2023-27043: 5.3

CVE-2024-12133: 5.3

CVE-2020-16120: 5.1

CVE-2024-10918: 4.8

CVE-2023-7256: 4.4

CVE-2024-8006: 4.4

CVE-2024-28882: 4.3

CVE-2024-9143: 4.3

CVE-2015-7697: 4.3

CVE-2016-9844: 4.0

CVE-2024-11053: 3.4

CVE-2025-0167: 3.4

CVE-2019-13232: 3.3

CVE-2021-4217: 3.3

CVE-2025-27113: 2.9

2025-07-07 12:00 VDE-2025-030

Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability

Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2 and all previous versions are vulnerable to OS Command Injection via malicious configuration file.

weiter ...

CVE-2025-3626: 9.1

CVE-2025-3705: 6.8

2025-07-07 08:00 VDE-2025-057

WAGO: Vulnerability in WAGO Device Sphere

During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.

weiter ...

CVE-2025-41672: 10