Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2023-039
March 13, 2024, 9:30 AM
The Web-Based Management (WBM) of WAGO's programmable logic controller (PLC) is typically used for administration, commissioning, and updates. The option to change the configuration data via tools or the web-based management …
VDE-2024-011
March 12, 2024, 8:00 AM
Multiple vulnerabilities have been discovered in the firmware of CHARX SEC charge controllers. These vulnerabilities were discovered as part of a PWN2OWN competition initiated by Trend Micro Zero Day Initiative …
VDE-2024-018
May 14, 2025, 2:36 PM
Multiple Wiesemann & Theis software products are affected by a vulnerability through an unquoted search path in the Windows registry. A local attacker can execute arbitrary code and gain administrative …
VDE-2023-065
Nov. 4, 2025, 12:00 PM
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time …
VDE-2024-014
June 5, 2025, 3:28 PM
Several WAGO firmwares are vulnerable to a remote attack which allows bypassing the integrity check through OpenSSH. This so-called Terrapin attack occurs because of a mishandled handshake phase.
VDE-2024-016
May 22, 2025, 3:03 PM
The affected products and versions present a vulnerability due to a vulnerable integrated software component, Docker runc <= 1.1.11. In the worst-case scenario, the integrated Docker container environment …
VDE-2024-013
May 22, 2025, 3:03 PM
CVE-2024-24781: If the above-mentioned products are loaded at wire speed (1Gbit/s or 100Mbit/s), the resources of the Ethernet controller are exhausted and it must be reset by the system automatically …
VDE-2024-002
Feb. 6, 2024, 8:00 AM
The PITreader product family is using the 3rd-party component uC/HTTP to implement the web server functionality. uC/HTTP is affected by multiple vulnerabilities. These vulnerabilities may enable an attacker to gain …