VDE-2024-072
Dez. 3, 2024, 12:00 nachm.
The following firmware versions installed on several devices are vulnerable due to a vulnerability in the CODESYS Control V3 web server.
VDE-2024-047
Mai 22, 2025, 3:03 nachm.
Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices.
VDE-2023-068
Mai 21, 2024, 8:00 vorm.
The following vulnerabilities are published with reference to CODESYS Advisory 2023-05, CODESYS Advisory 2023-06 and CODESYS Advisory 2023-09
VDE-2024-021
Mai 21, 2024, 8:00 vorm.
The WAGO Navigator versions 1.0.1 and 1.0 are vulnerable due to the use of the WiX toolset version 3.11.2.
VDE-2023-039
März 13, 2024, 9:30 vorm.
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning, and updates. The option to change the configuration data via tools or the web-based-management …
VDE-2024-014
Juni 5, 2025, 3:28 nachm.
Several WAGO Firmwares are vulnerable to a to a remote attack which allows to bypass the integrity check through OpenSSH. This called Terrapin attack occurs because of mishandled handshake phase.
VDE-2024-007
Jan. 22, 2024, 8:00 vorm.
A heap-based buffer overflow caused by libcurl and wrong whitespace character interpretation in Javascript, both used in CodeMeter Runtime affecting multiple products by WAGO. WIBU-SYSTEMS Codemeter is installed by default …
VDE-2023-044
Dez. 5, 2023, 8:00 vorm.
The Library WagoAppRTU which is part of the Wago Telecontrol Configurator is prone to improper input validation. By sending specifically crafted MMS packets an attacker can trigger a denial-of-service condition.