VDE-2026-057
May 26, 2026, 12:00 PM
The CmpWebServer component in the CODESYS Control Runtime allows users to create browser-based visualizations for monitoring and controlling industrial processes. Due to improper bounds checking, a specially crafted HTTP request …
VDE-2026-055
May 26, 2026, 12:00 PM
Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. …
VDE-2026-053
May 26, 2026, 12:00 PM
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
VDE-2026-009
May 26, 2026, 9:00 AM
A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the …
VDE-2026-052
May 21, 2026, 12:00 PM
A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations …
VDE-2026-042
May 12, 2026, 9:00 AM
CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server …
VDE-2026-005
May 6, 2026, 10:00 AM
The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
VDE-2026-046
May 4, 2026, 11:00 AM
Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed …