VDE-2025-067
Aug. 25, 2025, 12:00 PM
Motherbox 3 with firmware 1.44 to 1.48 allows an unauthenticated remote attacker read-only access to the internal DB with measurement values from other W&T sensor devices.
VDE-2025-028
Aug. 5, 2025, 12:00 PM
A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation. A low privileged local attacker could exploit this vulnerability to issue OS commands …
VDE-2025-051
Sept. 1, 2025, 12:00 PM
A vulnerability in the CODESYS Control runtime system allows low-privileged remote attackers to access the PKI folder via CODESYS protocol, enabling them to read and write certificates and keys. This …
VDE-2025-049
Aug. 4, 2025, 12:00 PM
On certain operating systems (e.g., Linux), default file system permissions may allow read access to the files of the CODESYS Control runtime system for non-administrator users. The documentation provided with …
VDE-2025-070
Sept. 1, 2025, 12:00 PM
A vulnerability in the CODESYS Control runtime system's CmpDevice component allows unauthenticated attackers to cause a denial-of-service (DoS) via specially crafted communication requests. The issue is triggered by a NULL …
VDE-2025-069
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-065
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-058
July 21, 2025, 12:00 PM
Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.