VDE-2025-035
June 24, 2025, 12:00 PM
Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration an password bypass.
VDE-2025-034
June 24, 2025, 12:00 PM
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.
VDE-2025-057
July 7, 2025, 8:15 AM
During installation, identical certificates are installed across all systems instead of unique ones, which are intended for JWT Token encryption and signing.
VDE-2025-018
Oct. 7, 2025, 10:00 AM
Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access …
VDE-2025-040
June 16, 2025, 12:00 PM
The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands …
VDE-2025-052
July 23, 2025, 12:00 PM
Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities (CVE-2025-41661, CVE-2025-41663, CVE-2025-41683, CVE-2025-41684, CVE-2025-41687). Weidmueller has released new firmware versions of the affected products to fix the vulnerabilities. **Update Version …
VDE-2025-047
June 10, 2025, 12:00 PM
For actuators with AC.2 controls and PROFOX actuators, a wrong configuration occurred for deliveries within the period from 01.01.2024 to 09.05.2025. Despite the ordered option "L90.00 = Bluetooth always deactivated", …
VDE-2025-020
June 2, 2025, 8:00 AM
The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the …