VDE-2022-004
March 9, 2022, 8:00 AM
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) …
VDE-2021-050
Nov. 16, 2021, 12:02 PM
Multiple vulnerabilities were reported in the Nucleus Real-Time Operating System (RTOS). The Nucleus RTOS is an essential component in several WAGO PLCs and fieldbus coupler. WAGO uses older Versions of …
VDE-2021-046
Nov. 10, 2021, 8:23 AM
Cross-site scripting in web-based management and memory leak in the remote logging function of FL MGUARD 1102 and FL MGUARD 1105. CVE-2021-34582: The file upload functionality in the web-based management …
VDE-2021-048
Oct. 4, 2021, 2:33 PM
The affected products contain a CODESYS Control runtime system in version V2. They are therefore affected by the vulnerability described in CODESYS Advisory 2021-06. It provides a communication server for …
VDE-2021-033
Aug. 12, 2021, 3:02 PM
VDE-2021-034
July 30, 2021, 9:55 AM
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM …
VDE-2021-018
May 12, 2021, 10:57 AM
Critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft für Systemautomation mbH. The impact of the vulnerabilities on the …
VDE-2020-051
May 11, 2021, 12:00 PM
Some TwinCAT OPC UA Server and IPC Diagnostics UA Server versions from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send …