VDE-2023-005
June 25, 2023, 8:00 AM
An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly …
VDE-2023-007
May 22, 2025, 3:03 PM
The 'legal information' plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user. UPDATE A 15.06.2023 : Removed PFC100 with FW23 as affected …
VDE-2022-060
Feb. 27, 2023, 12:00 PM
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates. The configuration backend can in some cases be used without authentication and …
VDE-2022-055
Feb. 16, 2023, 2:43 PM
An unknown and undocumented configuration interface with limited functionality was identified on the affected devices.
VDE-2022-054
Jan. 12, 2023, 8:52 AM
A vulnerability in the web-based management (WBM) of WAGOs programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.
VDE-2022-040
Sept. 22, 2023, 2:39 PM
UPDATE A: Solution has updated release datesUPDATE B: Solution has updated release datesThis Advisory is published with reference to: CODESYS Advisory 2022-11 (Security update for CODESYS Control V2) CODESYS Advisory …
VDE-2022-042
Oct. 17, 2022, 10:00 AM
The MAC address filter as part of the firewall has a flaw, which prevents the MAC address filter to be active after restart. In this way a remote attacker is …
VDE-2022-047
Oct. 12, 2022, 10:00 AM
The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of …