VDE-2025-018
Juli 4, 2025, 12:00 nachm.
Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access …
VDE-2025-045
Juli 1, 2025, 12:00 nachm.
Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. An unauthenticated remote attacker has full access to the Node-RED server and can run …
VDE-2025-039
Juli 1, 2025, 12:00 nachm.
The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.
VDE-2024-061
Juni 30, 2025, 12:00 nachm.
A vulnerability has been disclosed in PLC ifm AC4xxS that allows an attacker to trigger the safety state with the help of a specially crafted html request. This leads to …
VDE-2025-046
Juni 30, 2025, 12:00 nachm.
PiCtory, a web application to configure the Pilz industrial PC IndustrialPI, has three vulnerabilities with varying degrees of severity. The first two are of critical severity and can lead to …
VDE-2025-043
Juni 25, 2025, 12:00 nachm.
A security vulnerability was discovered in the PLC Designer V4 in the version 4.0.0 where the programmer of a Controller can set a password for the connected device. Here it …
VDE-2025-038
Juni 24, 2025, 12:00 nachm.
Two vulnerabilities in myREX24/myREX24.virtual can lead to user enumeration an password bypass.
VDE-2025-037
Juni 24, 2025, 12:00 nachm.
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.