The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands running with higher privileges.

Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access to the file system. The WAGO Device Manager is a software for configuring and parameterizing single WAGO products, which is included in the firmware. These vulnerabilities could be exploited by attackers to send requests and read server responses through crafted web applications or to access the file system.

Update Version 1.1.0, 04.07.2025: Removed incorrect custom firmware versions.

Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities (CVE-2025-41661, CVE-2025-41662, CVE-2025-41663).

Weidmueller has released new firmware versions of the affected products to fix the vulnerabilities.

For actuators with AC.2 controls and PROFOX actuators, a wrong configuration occurred for deliveries within the period from 01.01.2024 to 09.05.2025. Despite the ordered option "L90.00 = Bluetooth always deactivated", these actuators were delivered with an activated Bluetooth module which would allow an attacker to utilize the Bluetooth interface. It is possible to deactivate the Bluetooth interface of the affected actuators after the delivery using the standard procedures listed in the manuals.

The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.

The Lenze VPN client is vulnerable to a Local Privilege Escalation to root/SYSTEM by executing a configuration file which can be controlled by a non-privileged user. This occurs through a race condition exploit, where an attacker can overwrite the temporary OpenVPN configuration file located in a world-writable directory. By injecting malicious commands into the configuration file prior to its execution by the VPN client, an attacker can trigger arbitrary code execution with root/system privileges when a VPN connection is initiated. The vulnerability has been remediated in the version 1.4.4 of the Lenze VPN client. Due to some further developments and completion of the functional scope, it is recommended to update the firmware of the x500 IoT Gateway devices immediately, regardless of the current security vulnerability in the VPN client.

Weidmueller industrial ethernet switches are affected by multiple vulnerabilities.

Weidmueller has released new firmwares of the affected products to fix the vulnerabilities.

A stored cross-site scripting vulnerability has been discovered in the profinet gateway LB8122A.1.EL. An attacker can write an HTML tag with up to 32 characters in the message field of a HART transmitter. The HTML tag is interpreted as HTML when the HART information is displayed in a webbrowser. If the HTML tag contains a link to a manipulated page, a user can be tricked into accessing this page. Furthermore, an attacker can access information about running processes via the SNMP protocol. Sending such SNMP read commands can also trigger a reboot.