Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-093
Oct. 20, 2025, 12:00 PM
The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request.
VDE-2025-045
July 1, 2025, 12:00 PM
Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. An unauthenticated remote attacker has full access to the Node-RED server and can run …
VDE-2025-039
July 1, 2025, 12:00 PM
The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.
VDE-2025-046
June 30, 2025, 12:00 PM
PiCtory, a web application to configure the Pilz industrial PC IndustrialPI, has three vulnerabilities with varying degrees of severity. The first two are of critical severity and can lead to …
VDE-2024-002
Feb. 6, 2024, 8:00 AM
The PITreader product family uses the 3rd-party component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain …
VDE-2023-050
April 10, 2025, 3:00 PM
Multiple Pilz products are affected by stored cross-site-scripting (XSS) vulnerabilities. The vulnerabilities may enable an attacker to gain full control over the system. Update: 27.02.2024 Fix typo in advisory title
VDE-2023-059
Dec. 5, 2023, 8:06 AM
The Builder and Viewer components of the product PASvisu are based on the 3rd-party component Electron. Electron contains several other open-source components which are affected by vulnerabilities. The vulnerabilities may enable …
VDE-2023-048
May 22, 2025, 3:03 PM
Several Pilz products use the 3rd-party component 'libwebp' for decoding of images in WebP format. This component is affected by a vulnerability, which may enable an attacker to gain full …