#OT #Advisory VDE-2026-018
CODESYS Control V3 - Externally-controlled format string in Auditlog
The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing […]
#OT #Advisory VDE-2026-011
CODESYS Control V3 - Untrusted boot application
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on the […]
#OT #Advisory VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual
Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969 […]
#OT #Advisory VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969 […]
#OT #Advisory VDE-2026-020
WAGO: Vulnerability in managed switches
A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
#CVE CVE-2026-3587
https://certvde.com/en/advisories/vde-2026-020/ […]
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these […]
An overview of the current set of sources in the db.gcve.eu instance running the latest version of vulnerability-lookup. https://db.gcve.eu/recent#fstec
A new pull request for Vulnerability-Lookup adds a CSAF producer that publishes advisories for many manufacturers.
This is great for defenders and researchers, as it increases the amount of detailed vulnerability information available.
It will push the […]
[Original post on infosec.exchange]
#OT #Advisory VDE-2026-012
CODESYS Installer - Possible Privilege Escalation
Exploitation of this vulnerability can lead to a privilege escalation on the host system.
#CVE CVE-2026-2364
https://certvde.com/en/advisories/vde-2026-012/
#CSAF […]
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and […]
#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710 […]
#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX
LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315
https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF […]
#OT #Advisory VDE-2026-002
Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation
A vulnerability has been identified in WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the […]
#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite
Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within […]
#OT #Advisory VDE-2026-007
TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability
The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.
#CVE CVE-2025-47809 […]
#OT #Advisory VDE-2026-0001
JBL: DoS vulnerability in Flip 4
Any attacker in radio range can send malicious messages to cause the device to crash.
#CVE CVE-2025-41725
https://certvde.com/en/advisories/vde-2026-0001/
#CSAF […]
#OT #Advisory VDE-2025-109
Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
#CVE […]
#OT #Advisory VDE-2026-004
WAGO: Vulnerabilities in Managed Switch
Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer […]
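Special seminar on accreditation applications for Japanese-language educational institutions to be held #東京都 #中央区 #日本語教育機関 #CSAF #認定申請
Explains the practical side of accreditation applications for new Japanese-language educational institutions. The content includes real examples to help attendees understand the application process.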
During the question-and-answer session, attendees had the opportunity to ask panellists and members of #CSAF questions regarding the topics discussed, including the impacts of #UStariffs, #EUDR and price volatility trends on producers and lenders.
#OT #Advisory VDE-2025-097
METZ CONNECT: Config API – Authentication bypass leads to admin takeover in EWIO2 series
A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can […]
#COLEADNews - @coleadlink.bsky.social joined #EDFI Corporate Day & #CSAF Convening to share how linking funding and expertise fuels sustainable growth in African agribusiness: zurl.co/Ejg21
#ImpactFinance #AgriFood
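Accreditation application seminar for new Japanese-language educational institutions confirmed! #東京都 #中央区 #CSAF #BTS言語学院 #日本学習アカデミー
A seminar will be held for educational institutions aiming to apply for accreditation as a Japanese-language educational institution. It explains the concrete application process.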
#OT #Advisory VDE-2025-086
Jumo: Predictable debug-interface password in variTRON series
Unauthorized root access to the UART and SSH interface.
#CVE CVE-2025-41731
https://certvde.com/en/advisories/vde-2025-086/
#CSAF jumo.csaf-tp.certvde.com/.well-known/csaf/white/2...
#OT #Advisory VDE-2025-062
WAGO: Multiple Vulnerabilities in CODESYS components
Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.
#CVE CVE-2025-1468, CVE-2025-0694, CVE-2025-2595 […]
#OT #Advisory VDE-2025-093
Pilz: Vulnerability affecting PASvisu Runtime
The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request.
#CVE CVE-2025-51495
https://certvde.com/en/advisories/vde-2025-093/
#CSAF […]
#OT #Advisory VDE-2025-091
Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro
User credentials sent to the device's web server are exposed to an attacker in the same network or network segment. The data's confidentiality is compromised.
#CVE CVE-2025-41718 […]
#OT #Advisory VDE-2025-074
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
A vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.
#CVE CVE-2025-41699
https://certvde.com/en/advisories/vde-2025-074/
#CSAF […]
#OT #Advisory VDE-2025-072
Phoenix Contact: Security Advisory for QUINT4-UPS EIP
Multiple vulnerabilities were discovered in the firmware of QUINT4-UPS EIP devices that can be used by an unauthenticated remote attacker to perform Denial of Service attacks and to gather login credentials for the […]