Advisories

Show filters filter

Manufacturer

Scoring

For CVSS 2.0, 3.0 and 3.2

No CVE available

0.1 - 3.9

4 - 6.9

7 - 8.9

9 - 10

VDE-2025-066

Aug. 27, 2025, 10:00 AM

SMA: Directory Traversal in Sunny Boy

A security researcher discovered a Directory Traversal vulnerability in Sunny Boy 3, which allows remote attackers to access sensitive information. The vulnerability is already fixed since January 2021 with version …

CVE-2021-4459

VDE-2021-045

Aug. 26, 2025, 12:00 PM

Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q

The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.

CVE-2021-27478

CVE-2021-27498

CVE-2021-27500

CVE-2021-27482

VDE-2022-022

Aug. 26, 2025, 12:00 PM

Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system

The Festo controller CECC product family is affected by multiple vulnerabilities in the CODESYS V3 runtime.

CVE-2020-10245

CVE-2021-33485

CVE-2018-10612

CVE-2019-9010

CVE-2019-13548

CVE-2019-18858

CVE-2019-9013

CVE-2019-9008

CVE-2022-22515

CVE-2020-12069

CVE-2022-22517

CVE-2021-36764

CVE-2020-12067

CVE-2020-15806

CVE-2021-36763

CVE-2022-22519

CVE-2021-29241

CVE-2019-5105

CVE-2018-20025

CVE-2018-20026

CVE-2019-13532

CVE-2019-9012

CVE-2019-9009

CVE-2021-29242

CVE-2022-22514

CVE-2022-22513

CVE-2020-12068

CVE-2018-0739

CVE-2020-7052

CVE-2019-13542

CVE-2017-3735

CVE-2019-9011

CVE-2010-5250

VDE-2025-076

Aug. 26, 2025, 9:00 AM

Welotec: Hard-coded JWT secret in egOS WebGUI

A hard-coded JWT secret in the egOS WebGUI backend is readable to the default user, allowing attackers to forge valid tokens and access protected API endpoints.

CVE-2025-41702

VDE-2025-067

Aug. 25, 2025, 12:00 PM

Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access

Motherbox 3 with firmware 1.44 to 1.48 allows an unauthenticated remote attacker read-only access to the internal DB with measurement values from other W&T sensor devices.

CVE-2025-41689

VDE-2025-050

Aug. 19, 2025, 12:00 PM

SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user

A security researcher discovered a data disclosure vulnerability in Sunny Portal powered by ennexOS, ennexos.sunnyportal.com. A regularly authenticated user can receive the name of an other registered Sunny Portal user …

CVE-2025-41685

VDE-2025-063

Aug. 12, 2025, 12:00 PM

Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation

A privilege escalation vulnerability exists in Phoenix Contact Device and Update Management prior to version 2025.3.1 due to misconfigured permissions on nssm.exe in the DAUM-WINDOWS-SERVICE. This misconfiguration allows a low-privileged …

CVE-2025-41686

VDE-2025-028

Aug. 5, 2025, 12:00 PM

Draeger: ICMHelper is vulnerable to a privilege escalation

A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation. A low privileged local attacker could exploit this vulnerability to issue OS commands …

CVE-2025-41698

CVE-2025-2810