VDE-2025-099
Dec. 1, 2025, 12:00 PM
A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by …
VDE-2025-100
Dec. 1, 2025, 11:00 AM
A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The …
VDE-2025-101
Dec. 1, 2025, 11:00 AM
A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS …
VDE-2025-094
Nov. 24, 2025, 1:00 PM
A vulnerability in the devices UMG 96-PA and UMG 96-PA-MID+ enables an unauthenticated remote attacker to cause the device to become unavailable.
VDE-2025-097
Nov. 18, 2025, 1:00 PM
A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, …
VDE-2025-086
Nov. 10, 2025, 12:00 PM
A vulnerability was identified in the variTRON password generation algorithm of the debug-interface. The PRNG is initialized with the current Unix Timestamp, thus the resulting password is predictable. With the …
VDE-2025-062
Nov. 3, 2025, 12:00 PM
Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.
VDE-2025-060
Oct. 21, 2025, 12:00 PM
Vulnerabilities have been discovered in the embedded firmware of SAUTER modulo 6 devices. These vulnerabilities affect the embedded web server as well as the interface to the SAUTER CASE Suite …