Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-032
May 6, 2025, 12:00 PM
Multiple W&T products are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via crafted payloads injected into several input fields of the …
VDE-2023-046
April 28, 2025, 12:00 PM
An attacker with administrative privileges who can access sensitive files can additionally access them in an unintended, undocumented way.
VDE-2025-031
April 28, 2025, 12:00 PM
Com-Server firmware versions prior to 1.60 support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks and thereby compromise the confidentiality and integrity of data.
VDE-2025-027
April 23, 2025, 12:00 PM
An unauthenticated attacker can read static visualization files of the CODESYS WebVisu by using forced browsing to bypass the CODESYS Visualization user management.
VDE-2025-007
April 15, 2025, 12:00 PM
The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the …
VDE-2025-033
April 14, 2025, 12:00 PM
The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, which is affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.
VDE-2024-064
April 11, 2025, 9:00 AM
Beckhoff's TwinCAT 3.1 Build 4026 software is modularized and is installed with different packages depending on user requirements. These packages are selected and installed using either the command line utility …
VDE-2020-021
April 11, 2025, 9:00 AM
The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic …