VDE-2025-001
June 5, 2025, 3:31 PM
The CODESYS Key USB dongle, which is based on WIBU CodeMeter technology, is affected by a physical side-channel vulnerability.
VDE-2025-022
June 5, 2025, 3:31 PM
The OPC UA security policy Basic128Rsa15 is vulnerable against attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is …
VDE-2025-013
June 5, 2025, 3:31 PM
The CODESYS Gateway enables communication between CODESYS runtimes and other clients, primarily the CODESYS Development System V3. It is usually installed as a part of the CODESYS Development System V3 …
VDE-2025-015
June 5, 2025, 3:31 PM
A low privileged attacker with physical access to a controller, that supports removable media and is running a CODESYS Control runtime system, can exploit the insufficient path validation by connecting …
VDE-2022-044
June 5, 2025, 3:28 PM
Several Pilz software products do not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.
VDE-2022-003
June 5, 2025, 3:28 PM
By tricking clients of the mentioned products into contacting malicious OPC UA servers and thereby acting as OPC UA clients, a crash of the component can be provoked.
VDE-2024-014
June 5, 2025, 3:28 PM
Several WAGO Firmwares are vulnerable to a to a remote attack which allows to bypass the integrity check through OpenSSH. This called Terrapin attack occurs because of mishandled handshake phase.
VDE-2023-057
June 5, 2025, 3:28 PM
Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial networks. The controllers don't feature a function to check integrity and authenticity of the …