VDE-2018-003
Okt. 1, 2025, 10:00 vorm.
Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems. …
VDE-2025-077
Sept. 9, 2025, 12:00 nachm.
The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.
VDE-2025-064
Sept. 9, 2025, 9:00 vorm.
A local privilege escalation vulnerability in Phoenix Contact products utilizing WIBU-SYSTEMS CodeMeter Runtime allows users to gain admin rights on freshly installed systems. The CodeMeter Control Center starts with elevated …
VDE-2024-022
Aug. 27, 2025, 12:00 nachm.
Start sequence for firewall service allows attack during the boot process. Password is reset to default when the device undergoes a firmware upgrade.
VDE-2024-039
Aug. 27, 2025, 12:00 nachm.
Confidential data in HTTP query string of user requests. Incomplete sanitation of user input in administrative web interface.
VDE-2025-063
Aug. 12, 2025, 12:00 nachm.
A privilege escalation vulnerability exists in Phoenix Contact Device and Update Management prior to version 2025.3.1 due to misconfigured permissions on nssm.exe in the DAUM-WINDOWS-SERVICE. This misconfiguration allows a low-privileged …
VDE-2025-019
Juli 22, 2025, 10:00 vorm.
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered. **Update Version 1.1.0:** Updated the reporting credits for CVE-2025-25271.
VDE-2019-015
Juli 11, 2025, 9:00 vorm.
Phoenix Contact Classic Line industrial controllers (ILC1x0 and ILC1x1 product families as well as the AXIOLINE controllers AXC1050 and AXC3050) are developed and designed for the use in closed industrial …