VDE-2023-046
April 28, 2025, 12:00 nachm.
An attacker with administrative privileges which can access sensitive files, can additionally access them in an unintended, undocumented way.
VDE-2023-042
Nov. 20, 2024, 12:00 nachm.
Critical vulnerability has been discovered in the utilized component PROFINET IO Device by Hilscher Gesellschaft für Systemautomation mbH. The impact of the vulnerability on the affected device is that it …
VDE-2023-026
Mai 22, 2025, 3:03 nachm.
Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework.
VDE-2023-014
Juli 31, 2023, 9:00 vorm.
A vulnerability allows Bluetooth LE pairing traffic to be sniffed and used to bypass authentication for pairing.
VDE-2023-006
Juli 8, 2024, 12:00 nachm.
An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing. Update: 08.07.2024 release date of the updates has been changed.
VDE-2023-005
Juni 25, 2023, 8:00 vorm.
An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly …
VDE-2023-007
Mai 22, 2025, 3:03 nachm.
The 'legal information' plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user. UPDATE A 15.06.2023 : Removed PFC100 with FW23 as affected …
VDE-2022-060
Feb. 27, 2023, 12:00 nachm.
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates. The configuration backend can in some cases be used without authentication and …