VDE-2026-059
May 27, 2026, 1:00 PM
Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
VDE-2026-050
May 27, 2026, 12:00 PM
This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation …
VDE-2026-057
June 18, 2026, 12:00 PM
The CmpWebServer component in the CODESYS Control Runtime allows users to create browser-based visualizations for monitoring and controlling industrial processes. Due to improper bounds checking, a specially crafted HTTP request …
VDE-2026-055
May 26, 2026, 12:00 PM
Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. …
VDE-2026-053
May 26, 2026, 12:00 PM
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
VDE-2026-056
June 18, 2026, 12:00 PM
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users. Due to insufficient …
VDE-2026-009
May 26, 2026, 9:00 AM
A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the …
VDE-2026-052
May 21, 2026, 12:00 PM
A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations …