Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-051
Sept. 1, 2025, 12:00 PM
A vulnerability in the CODESYS Control runtime system allows low-privileged remote attackers to access the PKI folder via CODESYS protocol, enabling them to read and write certificates and keys. This …
VDE-2025-049
Aug. 4, 2025, 12:00 PM
On certain operating systems (e.g., Linux), default file system permissions may allow read access to the files of the CODESYS Control runtime system for non-administrator users. The documentation provided with …
VDE-2025-070
Oct. 14, 2025, 10:00 AM
A vulnerability in the CODESYS Control runtime system's CmpDevice component allows unauthenticated attackers to cause a denial-of-service (DoS) via specially crafted communication requests. The issue is triggered by a NULL …
VDE-2025-069
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the Lua sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-065
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the Lua sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-058
July 21, 2025, 12:00 PM
Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-059
July 21, 2025, 12:00 PM
Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-053
July 8, 2025, 12:00 PM
Multiple Linux component vulnerabilities fixed in the latest PLCnext Firmware release 2025.0.2.