home.social

#csaf — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #csaf, aggregated by home.social.

  1. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-059
    Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

    Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

    #ot #advisory #cve #csaf
  2. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-059
    Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

    Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

    #ot #advisory #cve #csaf
  3. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-059
    Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

    Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

    #csaf #cve #advisory #ot
  4. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-054
    MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

    Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

    #ot #advisory #cve #csaf
  5. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-054
    MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

    Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

    #ot #advisory #cve #csaf
  6. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-054
    MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

    Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
    #CVE CVE-2026-40851, CVE-2026-40852

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

    #csaf #cve #advisory #ot
  7. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-058
    Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

    Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

    #ot #advisory #cve #csaf
  8. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-058
    Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

    Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

    #ot #advisory #cve #csaf
  9. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-058
    Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

    Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF helmholz.csaf-tp.certvde.com/.

    #csaf #cve #advisory #ot
  10. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-044
    MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24

    Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

    #ot #advisory #cve #csaf
  11. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-044
    MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24

    Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

    #ot #advisory #cve #csaf
  12. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-044
    MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24

    Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
    #CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

    certvde.com/en/advisories/vde-

    #CSAF mbconnectline.csaf-tp.certvde.

    #csaf #cve #advisory #ot
  13. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-050
    Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files

    This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation authenticity as well as the handling of configuration data in writable directories. Successful exploitation may allow authenticated attackers with different privilege levels to compromise integrity, availability, and system security of affected PLCnext Control. Both issues are resolved starting with PLCnext firmware version 2026.0.3.
    #CVE CVE-2025-41669, CVE-2025-41670

    certvde.com/en/advisories/vde-

    #CSAF phoenixcontact.csaf-tp.certvde

    #ot #advisory #cve #csaf
  14. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-050
    Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files

    This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation authenticity as well as the handling of configuration data in writable directories. Successful exploitation may allow authenticated attackers with different privilege levels to compromise integrity, availability, and system security of affected PLCnext Control. Both issues are resolved starting with PLCnext firmware version 2026.0.3.
    #CVE CVE-2025-41669, CVE-2025-41670

    certvde.com/en/advisories/vde-

    #CSAF phoenixcontact.csaf-tp.certvde

    #ot #advisory #cve #csaf
  15. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-050
    Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files

    This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation authenticity as well as the handling of configuration data in writable directories. Successful exploitation may allow authenticated attackers with different privilege levels to compromise integrity, availability, and system security of affected PLCnext Control. Both issues are resolved starting with PLCnext firmware version 2026.0.3.
    #CVE CVE-2025-41669, CVE-2025-41670

    certvde.com/en/advisories/vde-

    #CSAF phoenixcontact.csaf-tp.certvde

    #csaf #cve #advisory #ot
  16. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-053
    METTLER TOLEDO: EVA Karl Fischer titrators affected by libpng vulnerabilities

    Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
    #CVE CVE-2026-33636, CVE-2026-33416

    certvde.com/en/advisories/vde-

    #CSAF mettler-toledo.csaf-tp.certvde

    #ot #advisory #cve #csaf
  17. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-053
    METTLER TOLEDO: EVA Karl Fischer titrators affected by libpng vulnerabilities

    Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
    #CVE CVE-2026-33636, CVE-2026-33416

    certvde.com/en/advisories/vde-

    #CSAF mettler-toledo.csaf-tp.certvde

    #ot #advisory #cve #csaf
  18. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-053
    METTLER TOLEDO: EVA Karl Fischer titrators affected by libpng vulnerabilities

    Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
    #CVE CVE-2026-33636, CVE-2026-33416

    certvde.com/en/advisories/vde-

    #CSAF mettler-toledo.csaf-tp.certvde

    #csaf #cve #advisory #ot
  19. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-009
    JUMO: Multiple products affected by nodejs vulnerability

    A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the Node.js qs module, limits for incoming request parameters are not properly enforced. As a result, an attacker can send specially crafted requests containing excessively large or deeply nested arrays, causing the web server to become unresponsive. This condition leads to a crash of the web server, followed by an automatic restart of the device.
    #CVE CVE-2025-15284

    certvde.com/en/advisories/vde-

    #CSAF jumo.csaf-tp.certvde.com/.well

    #ot #advisory #cve #csaf
  20. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-009
    JUMO: Multiple products affected by nodejs vulnerability

    A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the Node.js qs module, limits for incoming request parameters are not properly enforced. As a result, an attacker can send specially crafted requests containing excessively large or deeply nested arrays, causing the web server to become unresponsive. This condition leads to a crash of the web server, followed by an automatic restart of the device.
    #CVE CVE-2025-15284

    certvde.com/en/advisories/vde-

    #CSAF jumo.csaf-tp.certvde.com/.well

    #ot #advisory #cve #csaf
  21. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-009
    JUMO: Multiple products affected by nodejs vulnerability

    A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the Node.js qs module, limits for incoming request parameters are not properly enforced. As a result, an attacker can send specially crafted requests containing excessively large or deeply nested arrays, causing the web server to become unresponsive. This condition leads to a crash of the web server, followed by an automatic restart of the device.
    #CVE CVE-2025-15284

    certvde.com/en/advisories/vde-

    #CSAF jumo.csaf-tp.certvde.com/.well

    #csaf #cve #advisory #ot
  22. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-057
    CODESYS Control - Out-of-bounds Write

    Successful exploitation allows an unauthenticated remote attacker to trigger an out-of-bounds write, causing the CODESYS Control Runtime to crash and resulting in a denial of service on the affected device.
    #CVE CVE-2026-8047

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  23. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-057
    CODESYS Control - Out-of-bounds Write

    Successful exploitation allows an unauthenticated remote attacker to trigger an out-of-bounds write, causing the CODESYS Control Runtime to crash and resulting in a denial of service on the affected device.
    #CVE CVE-2026-8047

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  24. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-057
    CODESYS Control - Out-of-bounds Write

    Successful exploitation allows an unauthenticated remote attacker to trigger an out-of-bounds write, causing the CODESYS Control Runtime to crash and resulting in a denial of service on the affected device.
    #CVE CVE-2026-8047

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #csaf #cve #advisory #ot
  25. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-056
    CODESYS Control - Incorrect Authorization

    The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users.
    #CVE CVE-2026-8046

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  26. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-056
    CODESYS Control - Incorrect Authorization

    The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users.
    #CVE CVE-2026-8046

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  27. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-056
    CODESYS Control - Incorrect Authorization

    The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users.
    #CVE CVE-2026-8046

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #csaf #cve #advisory #ot
  28. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-055
    CODESYS Development System - Incorrect Default Permissions

    Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. This allows low-privileged local users to modify a temporary bootstrap file to force the deployment of arbitrary components, or to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition to replace digitally verified installation files with malicious ones prior to installation. Both flaws bypass intended security boundaries during the installation of packages or add-ons.
    #CVE CVE-2026-44469, CVE-2026-44468

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  29. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-055
    CODESYS Development System - Incorrect Default Permissions

    Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. This allows low-privileged local users to modify a temporary bootstrap file to force the deployment of arbitrary components, or to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition to replace digitally verified installation files with malicious ones prior to installation. Both flaws bypass intended security boundaries during the installation of packages or add-ons.
    #CVE CVE-2026-44469, CVE-2026-44468

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  30. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-055
    CODESYS Development System - Incorrect Default Permissions

    Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. This allows low-privileged local users to modify a temporary bootstrap file to force the deployment of arbitrary components, or to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition to replace digitally verified installation files with malicious ones prior to installation. Both flaws bypass intended security boundaries during the installation of packages or add-ons.
    #CVE CVE-2026-44469, CVE-2026-44468

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #csaf #cve #advisory #ot
  31. Alexandre Dulaunoy @[email protected] ·

    Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

    #gcve #cve #csaf
  32. Alexandre Dulaunoy @[email protected] ·

    Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

    #gcve #cve #csaf
  33. Alexandre Dulaunoy @[email protected] ·

    Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

    #gcve #cve #csaf
  34. Alexandre Dulaunoy @[email protected] ·

    Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

    #csaf #cve #gcve
  35. Alexandre Dulaunoy @[email protected] ·

    Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

    #gcve #cve #csaf
  36. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-052
    CODESYS Visualization - Insufficiently Protected Credentials

    A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations concurrently.
    #CVE CVE-2026-0393

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  37. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-052
    CODESYS Visualization - Insufficiently Protected Credentials

    A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations concurrently.
    #CVE CVE-2026-0393

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  38. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-052
    CODESYS Visualization - Insufficiently Protected Credentials

    A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations concurrently.
    #CVE CVE-2026-0393

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #csaf #cve #advisory #ot
  39. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-042
    CODESYS Modbus TCP Server - Improper resource management

    CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server protocol stack library results in a vulnerability. When a Modbus TCP server is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
    #CVE CVE-2026-35227

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  40. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-042
    CODESYS Modbus TCP Server - Improper resource management

    CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server protocol stack library results in a vulnerability. When a Modbus TCP server is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
    #CVE CVE-2026-35227

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #ot #advisory #cve #csaf
  41. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-042
    CODESYS Modbus TCP Server - Improper resource management

    CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server protocol stack library results in a vulnerability. When a Modbus TCP server is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
    #CVE CVE-2026-35227

    certvde.com/en/advisories/vde-

    #CSAF codesys.csaf-tp.certvde.com/.w

    #csaf #cve #advisory #ot
  42. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-005
    ifm: Multiple Vulnerabilities in CR3171

    The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
    #CVE CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

    certvde.com/en/advisories/vde-

    #CSAF ifm.csaf-tp.certvde.com/.well-

    #ot #advisory #cve #csaf
  43. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-005
    ifm: Multiple Vulnerabilities in CR3171

    The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
    #CVE CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

    certvde.com/en/advisories/vde-

    #CSAF ifm.csaf-tp.certvde.com/.well-

    #ot #advisory #cve #csaf
  44. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-005
    ifm: Multiple Vulnerabilities in CR3171

    The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
    #CVE CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

    certvde.com/en/advisories/vde-

    #CSAF ifm.csaf-tp.certvde.com/.well-

    #csaf #cve #advisory #ot
  45. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-048
    VEGA: Missing Authentication for critical function in VEGAPULS Bluetooth products

    Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
    #CVE CVE-2026-3323

    certvde.com/en/advisories/vde-

    #CSAF vega.csaf-tp.certvde.com/.well

    #ot #advisory #cve #csaf
  46. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-048
    VEGA: Missing Authentication for critical function in VEGAPULS Bluetooth products

    Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
    #CVE CVE-2026-3323

    certvde.com/en/advisories/vde-

    #CSAF vega.csaf-tp.certvde.com/.well

    #ot #advisory #cve #csaf
  47. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-048
    VEGA: Missing Authentication for critical function in VEGAPULS Bluetooth products

    Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
    #CVE CVE-2026-3323

    certvde.com/en/advisories/vde-

    #CSAF vega.csaf-tp.certvde.com/.well

    #csaf #cve #advisory #ot
  48. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-047
    VEGA: Missing Authentication for critical function in VEGAPULS Air products

    Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
    #CVE CVE-2026-3323

    certvde.com/en/advisories/vde-

    #CSAF vega.csaf-tp.certvde.com/.well

    #ot #advisory #cve #csaf
  49. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-047
    VEGA: Missing Authentication for critical function in VEGAPULS Air products

    Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
    #CVE CVE-2026-3323

    certvde.com/en/advisories/vde-

    #CSAF vega.csaf-tp.certvde.com/.well

    #ot #advisory #cve #csaf
  50. CERT@VDE @[email protected] ·

    #OT #Advisory VDE-2026-047
    VEGA: Missing Authentication for critical function in VEGAPULS Air products

    Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
    #CVE CVE-2026-3323

    certvde.com/en/advisories/vde-

    #CSAF vega.csaf-tp.certvde.com/.well

    #csaf #cve #advisory #ot