VDE-2024-008
April 8, 2026, 9:00 vorm.
A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
VDE-2026-010
März 30, 2026, 9:00 vorm.
Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.
VDE-2026-021
März 30, 2026, 9:00 vorm.
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission …
VDE-2026-020
März 23, 2026, 9:00 vorm.
A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
VDE-2026-004
Feb. 9, 2026, 9:00 vorm.
Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack …
VDE-2025-095
Jan. 19, 2026, 9:00 vorm.
Two remote stack buffer overflow vulnerabilities were discovered in WAGO industrial switches. These issues originate from unsafe input handling in custom HTTP request parsing functions within the lighttpd binary. The …
VDE-2025-062
Nov. 3, 2025, 12:00 nachm.
Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.
VDE-2025-087
Sept. 24, 2025, 11:00 vorm.
Due to a missing authentication check, the WAGO Solution Builder and the WAGO Device Sphere are vulnerable to a potential information exposure.