Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-043
June 25, 2025, 12:00 PM
A security vulnerability was discovered in PLC Designer V4, version 4.0.0, where the programmer of a controller can set a password for the connected device. Here it …
VDE-2025-038
June 24, 2025, 12:00 PM
Two vulnerabilities in myREX24/myREX24.virtual can lead to user enumeration and password bypass.
VDE-2025-037
June 24, 2025, 12:00 PM
The mb24api endpoint, reachable when connected via VPN, is missing authentication for sensitive functions. This can lead to information disclosure of user and device names and to DoS.
VDE-2025-035
June 24, 2025, 12:00 PM
Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration and password bypass.
VDE-2025-034
June 24, 2025, 12:00 PM
The mb24api endpoint, reachable when connected via VPN, is missing authentication for sensitive functions. This can lead to information disclosure of user and device names and to DoS.
VDE-2025-057
July 7, 2025, 8:15 AM
During installation, identical certificates intended for JWT token encryption and signing are installed across all systems instead of unique ones.
VDE-2025-018
Oct. 7, 2025, 10:00 AM
Vulnerabilities have been discovered in the WAGO Device Manager that allow any origin to access the server and set header values, as well as an endpoint that permits read access …
VDE-2025-040
June 16, 2025, 12:00 PM
The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst-case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands …