Advisories

VDE-2022-061
March 15, 2023, 10:00 AM
VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered …
VDE-2022-060
Feb. 27, 2023, 12:00 PM
The Web-Based Management (WBM) of WAGO's programmable logic controller (PLC) is typically used for administration, commissioning and updates. The configuration backend can in some cases be used without authentication and …
VDE-2022-055
Feb. 16, 2023, 2:43 PM
An unknown and undocumented configuration interface with limited functionality was identified on the affected devices.
VDE-2022-054
Jan. 12, 2023, 8:52 AM
A vulnerability in the web-based management (WBM) of WAGO's programmable logic controller (PLC) could allow an unauthenticated remote attacker to retrieve sensitive information.
VDE-2022-056
Dec. 14, 2022, 8:00 AM
A JavaScript injection vulnerability has been discovered in the XML editing system SCHEMA ST4 onlinehelp by Quanos Solutions GmbH. For details refer to CVE. This vulnerability may allow an attacker to …
VDE-2022-050
Dec. 12, 2022, 12:00 PM
An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.
VDE-2022-033
Nov. 24, 2022, 10:00 AM
PASvisu is an HMI solution for Machine Visualization. It is available as a standalone software product, but it is also included in various models of the PMI product family. The …
VDE-2022-052
Nov. 21, 2022, 10:00 AM
Up until October 5th, 2022, the ease2pay API used by Miele's "AppWash" MobileApp was vulnerable to an authorization bypass. A low-privileged, remote attacker would have been able to gain …