VDE-2025-022
June 5, 2025, 3:31 p.m.
The OPC UA security policy Basic128Rsa15 is vulnerable to attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is …
VDE-2025-001
June 5, 2025, 3:31 p.m.
The CODESYS Key USB dongle, which is based on WIBU CodeMeter technology, is affected by a physical side-channel vulnerability.
VDE-2022-003
June 5, 2025, 3:28 p.m.
By tricking clients of the mentioned products into contacting malicious OPC UA servers and thereby acting as OPC UA clients, a crash of the component can be provoked.
VDE-2022-044
June 5, 2025, 3:28 p.m.
Several Pilz software products do not properly check pathnames contained in archives. An attacker can utilise this vulnerability to write arbitrary files, potentially leading to code execution.
VDE-2024-014
June 5, 2025, 3:28 p.m.
Several WAGO firmwares are vulnerable to a remote attack that allows the integrity check to be bypassed through OpenSSH. This so-called Terrapin attack occurs because of a mishandled handshake phase.
VDE-2020-002
June 5, 2025, 3:28 p.m.
CVE-2019-12255 Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to …
VDE-2023-057
June 5, 2025, 3:28 p.m.
Phoenix Contact classic line industrial controllers are developed and designed for use in closed industrial networks. The controllers don't feature a function to check integrity and authenticity of the …
VDE-2023-001
June 5, 2025, 3:28 p.m.
A new LTS Firmware release fixes known vulnerabilities in used open-source libraries. In addition, the following improvements have been implemented: HMI - Hardening against DoS attacks. - Hardening against memory …