Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2022-036
July 28, 2025, 12:00 PM

Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function

Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service of the device.
CVE-2022-3079
VDE-2022-017
May 14, 2025, 3:00 PM

Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual

An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.
CVE-2022-22520
VDE-2022-011
Sept. 7, 2022, 2:50 PM

MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24

An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.
CVE-2022-22520
VDE-2022-039
Sept. 7, 2022, 12:56 PM

Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual

Multiple vulnerabilities have been found in myREX24 and myREX24.virtual.
CVE-2020-35565
CVE-2020-35567
CVE-2020-10384
CVE-2020-12528
CVE-2020-35558
CVE-2020-35564
CVE-2021-34575
CVE-2020-35557
CVE-2020-12527
CVE-2020-35560
CVE-2020-35569
CVE-2020-12530
CVE-2020-35563
CVE-2020-35570
CVE-2020-35566
CVE-2020-35561
CVE-2020-12529
CVE-2020-35559
CVE-2020-35568
CVE-2021-34574
VDE-2021-030
June 6, 2025, 9:00 AM

MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 (Update A)

Two issues have been discovered in mymbCONNECT24 and mbCONNECT24 in all versionsincluding V2.8.0. Updated affected versions (and solution) due to incomplete fixes in previous versions
CVE-2021-34575
CVE-2021-34574
VDE-2021-003
Sept. 7, 2022, 12:46 PM

MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 (Update A)

Multiple vulnerabilities have been found in mymbCONNECT24 and mbCONNECT24. Update A, 2022-09-07: Affected Products: updated affected versions due to incomplete fixes of some CVEs. See Solution for details. Solution: updated …
CVE-2020-35565
CVE-2020-35567
CVE-2020-10384
CVE-2020-12528
CVE-2020-35558
CVE-2020-35564
CVE-2020-35557
CVE-2020-12527
CVE-2020-35560
CVE-2020-35569
CVE-2020-12530
CVE-2020-35563
CVE-2020-35570
CVE-2020-35566
CVE-2020-35561
CVE-2020-12529
CVE-2020-35559
CVE-2020-35568
VDE-2022-031
Aug. 17, 2022, 10:00 AM

WAGO: Multiple Products Series affected by multiple CODESYS vulnerabilities

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.
CVE-2019-9013
CVE-2020-12069
CVE-2020-12067
CVE-2019-9011
VDE-2022-035
Aug. 17, 2022, 10:00 AM

WAGO: Multiple product series affected by multiple CODESYS vulnerabilities

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.
CVE-2021-33485
CVE-2020-6081
CVE-2021-36763
CVE-2021-29241
CVE-2021-36765
CVE-2021-29242