VDE-2022-020
June 23, 2025, 10:00 AM
The Festo controller CECC-X-M1 product family is affected in multiple versions by a pre-authentication command injection vulnerability. Update A, 2022-07-05: Remediation has been updated. Fixed firmwares are now available.
VDE-2024-075
June 17, 2025, 8:00 AM
A security researcher discovered that a clickjacking vulnerability exists in the web frontend of the affected products. An attacker could lure the user to click on a malicious website which …
VDE-2025-040
June 16, 2025, 12:00 PM
The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst-case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands …
VDE-2025-047
June 10, 2025, 12:00 PM
For actuators with AC.2 controls and PROFOX actuators, a wrong configuration occurred for deliveries within the period from 01.01.2024 to 09.05.2025. Despite the ordered option "L90.00 = Bluetooth always deactivated", …
VDE-2021-030
June 6, 2025, 9:00 AM
Two issues have been discovered in mymbCONNECT24 and mbCONNECT24 in all versions including V2.8.0. Updated affected versions (and solution) due to incomplete fixes in previous versions.
VDE-2024-055
June 5, 2025, 3:32 PM
Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to …
VDE-2025-015
June 5, 2025, 3:31 PM
A low-privileged attacker with physical access to a controller that supports removable media and is running a CODESYS Control runtime system can exploit the insufficient path validation by connecting …
VDE-2025-013
June 5, 2025, 3:31 PM
The CODESYS Gateway enables communication between CODESYS runtimes and other clients, primarily the CODESYS Development System V3. It is usually installed as a part of the CODESYS Development System V3 …