Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2026-050
Mai 27, 2026, 12:00 nachm.
This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation …
VDE-2026-057
Juni 18, 2026, 12:00 nachm.
The CmpWebServer component in the CODESYS Control Runtime allows users to create browser-based visualizations for monitoring and controlling industrial processes. Due to improper bounds checking, a specially crafted HTTP request …
VDE-2026-055
Mai 26, 2026, 12:00 nachm.
Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. …
VDE-2026-053
Mai 26, 2026, 12:00 nachm.
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
VDE-2026-056
Juni 18, 2026, 12:00 nachm.
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users. Due to insufficient …
VDE-2026-009
Mai 26, 2026, 9:00 vorm.
A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the …
VDE-2026-052
Mai 21, 2026, 12:00 nachm.
A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations …
VDE-2026-042
Mai 12, 2026, 9:00 vorm.
CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server …