Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2018-013
Sept. 22, 2025, 12:00 p.m.
The 750-8xx controllers are susceptible to a Denial-of-Service attack due to a flood of network packets. Please consult the original paper for details (link at the bottom of this advisory).
VDE-2025-085
Sept. 22, 2025, 10:00 a.m.
A path traversal flaw in the SmartEMS upload handling allows authenticated users to direct upload data outside of the intended directory via the 'Upload-Key' header. In deployments where writable, code-interpreted …
VDE-2025-083
Sept. 15, 2025, 10:00 a.m.
The vulnerability in the Ethernet switch circuit is caused by a pull-up resistor at the reset input, leading to premature activation and undefined operation. Switching to a pull-down resistor keeps …
VDE-2025-080
Sept. 9, 2025, 12:00 p.m.
A missing authentication vulnerability exists in the iocheckd service "I/O-Check" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being …
VDE-2025-077
Sept. 9, 2025, 12:00 p.m.
The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.
VDE-2025-075
Sept. 9, 2025, 12:00 p.m.
Beckhoff's TwinCAT 3 Engineering software is intended to craft automation projects consisting of a set of files which are stored locally as files underneath an individual folder or in a …
VDE-2025-064
Sept. 9, 2025, 9:00 a.m.
A local privilege escalation vulnerability in Phoenix Contact products utilizing WIBU-SYSTEMS CodeMeter Runtime allows users to gain admin rights on freshly installed systems. The CodeMeter Control Center starts with elevated …
VDE-2025-082
Sept. 8, 2025, 9:00 a.m.
A vulnerability in sudo allows a low-privileged attacker to execute commands with root rights.