Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-087
Sept. 24, 2025, 11:00 a.m.
Due to a missing authentication check, the WAGO Solution Builder and the WAGO Device Sphere are vulnerable to a potential information exposure.
VDE-2025-083
Sept. 15, 2025, 10:00 a.m.
The vulnerability in the Ethernet switch circuit is caused by a PullUp resistor at the reset input, leading to premature activation and undefined operation. Switching to a PullDown resistor keeps …
VDE-2025-080
Sept. 9, 2025, 12:00 p.m.
A missing authentication vulnerability exists in the iocheckd service "I/O-Check" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being …
VDE-2025-048
Sept. 8, 2025, 9:00 a.m.
A design flaw in the file system management exposes internal system partitions - intended to be hidden - during brief moments when they are mounted by the firmware. These partitions …
VDE-2025-082
Sept. 8, 2025, 9:00 a.m.
A vulnerability in sudo allows a low-privileged attacker to execute commands with root rights.
VDE-2025-057
July 7, 2025, 8:15 a.m.
During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.
VDE-2025-018
Oct. 7, 2025, 10:00 a.m.
Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access …
VDE-2025-040
June 16, 2025, 12:00 p.m.
The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands …