Advisories | CERT@VDE

2025-05-06 10:00 VDE-2025-032

Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting

Multiple W&T Products are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via crafted payloads injected into several input fields of the configuration webpage.

more ...

CVE-2025-3020: 5.4

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (3)

Auma (4)

Beckhoff (14)

Bender (2)

CODESYS (18)

Endress+Hauser (12)

Festo (12)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (12)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (12)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (32)

PHOENIX CONTACT (91)

Pilz (13)

Red Lion Europe (4)

SMA (4)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (8)

TRUMPF Werkzeugmaschinen (9)

VARTA Storage (1)

VMT (1)

WAGO (63)

Weidmueller (12)

Welotec (3)

Wiesemann & Theis (5)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0

Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting

Feeds

By Vendor

Archive

2025

2024

2023

2022

2021

2020

2019

2018

2017

Legend