Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2026-064
Juni 9, 2026, 12:00 nachm.

METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. …
CVE-2025-68121
CVE-2018-15727
CVE-2025-15467
CVE-2023-36414
CVE-2024-0056
CVE-2025-68154
CVE-2026-24737
CVE-2021-24112
CVE-2025-58187
CVE-2025-9230
CVE-2025-15281
CVE-2026-21218
CVE-2026-26127
CVE-2026-26130
CVE-2026-0915
CVE-2026-2391
CVE-2026-22036
CVE-2024-43483
CVE-2023-29331
CVE-2025-69419
CVE-2025-46817
VDE-2026-039
Juni 9, 2026, 3:00 nachm.

MBS: Several security vulnerabilities in the UGW web GUI

The MBS Universal Gateways (UGW-A-Series, UGW-X-Series) connect devices using various digital communication protocols within the field of building automation. Several security vulnerabilities have been identified in the UGW web GUI …
CVE-2026-35075
CVE-2026-35085
CVE-2026-35084
CVE-2026-35083
CVE-2026-35082
CVE-2026-35081
CVE-2026-35080
CVE-2026-35079
CVE-2026-35078
CVE-2026-35077
CVE-2026-35076
VDE-2026-060
Juni 3, 2026, 12:01 nachm.

Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

VDE-2026-060: A unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.
CVE-2026-41032
VDE-2026-044
Mai 27, 2026, 1:00 nachm.

MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
CVE-2026-40850
CVE-2026-40819
CVE-2026-40818
CVE-2026-40817
CVE-2026-40816
CVE-2026-40815
CVE-2026-40814
CVE-2026-40813
CVE-2026-40812
CVE-2026-40811
CVE-2026-40810
CVE-2026-40836
CVE-2026-40834
CVE-2026-40833
CVE-2026-40849
CVE-2026-40848
CVE-2026-40847
CVE-2026-40846
CVE-2026-40845
CVE-2026-40844
CVE-2026-40843
CVE-2026-40842
CVE-2026-40841
CVE-2026-40840
CVE-2026-40839
CVE-2026-40838
CVE-2026-40837
CVE-2026-40835
CVE-2026-40832
CVE-2026-40831
CVE-2026-40830
CVE-2026-40829
CVE-2026-40828
CVE-2026-40827
CVE-2026-40825
CVE-2026-40824
CVE-2026-40823
CVE-2026-40826
CVE-2026-40822
CVE-2026-40821
CVE-2026-40820
VDE-2026-054
Mai 27, 2026, 1:00 nachm.

MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
CVE-2026-40851
CVE-2026-40852
VDE-2026-058
Mai 27, 2026, 1:00 nachm.

Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
CVE-2026-40850
CVE-2026-40819
CVE-2026-40818
CVE-2026-40817
CVE-2026-40816
CVE-2026-40815
CVE-2026-40814
CVE-2026-40813
CVE-2026-40812
CVE-2026-40811
CVE-2026-40810
CVE-2026-40836
CVE-2026-40834
CVE-2026-40833
CVE-2026-40849
CVE-2026-40848
CVE-2026-40847
CVE-2026-40846
CVE-2026-40845
CVE-2026-40844
CVE-2026-40843
CVE-2026-40842
CVE-2026-40841
CVE-2026-40840
CVE-2026-40839
CVE-2026-40838
CVE-2026-40837
CVE-2026-40835
CVE-2026-40832
CVE-2026-40831
CVE-2026-40830
CVE-2026-40829
CVE-2026-40828
CVE-2026-40827
CVE-2026-40825
CVE-2026-40824
CVE-2026-40823
CVE-2026-40826
CVE-2026-40822
CVE-2026-40821
CVE-2026-40820
VDE-2026-059
Mai 27, 2026, 1:00 nachm.

Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
CVE-2026-40851
CVE-2026-40852
VDE-2026-050
Mai 27, 2026, 12:00 nachm.

Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files

This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation …
CVE-2025-41669
CVE-2025-41670