#ocsaf — Public Fediverse posts on home.social

CERT@VDE @[email protected] · 2026-04-23 · 13:35 UTC

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

https://certvde.com/en/advisories/vde-2026-040/
#oCSAF
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-23 · 13:35 UTC

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

https://certvde.com/en/advisories/vde-2026-040/
#oCSAF
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-23 · 13:35 UTC

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

https://certvde.com/en/advisories/vde-2026-040/
#oCSAF
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json

#csaf #ocsaf #cve #advisory #ot

CERT@VDE @[email protected] · 2026-04-23 · 10:49 UTC

#OT #Advisory VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
#CVE CVE-2025-15467

https://certvde.com/en/advisories/vde-2026-029/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-029.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-23 · 10:49 UTC

#OT #Advisory VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
#CVE CVE-2025-15467

https://certvde.com/en/advisories/vde-2026-029/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-029.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-23 · 10:49 UTC

#OT #Advisory VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
#CVE CVE-2025-15467

https://certvde.com/en/advisories/vde-2026-029/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-029.json

#csaf #ocsaf #cve #advisory #ot

CERT@VDE @[email protected] · 2026-04-09 · 10:58 UTC

#OT #Advisory VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
#CVE CVE-2024-1490

https://certvde.com/en/advisories/vde-2024-008/
#oCSAF
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-09 · 10:58 UTC

#OT #Advisory VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
#CVE CVE-2024-1490

https://certvde.com/en/advisories/vde-2024-008/
#oCSAF
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-09 · 10:58 UTC

#OT #Advisory VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
#CVE CVE-2024-1490

https://certvde.com/en/advisories/vde-2024-008/
#oCSAF
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json

#csaf #ocsaf #cve #advisory #ot

CERT@VDE @[email protected] · 2026-04-07 · 06:38 UTC

#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183

https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json

#cve #ocsaf #csaf #ot #advisory

CERT@VDE @[email protected] · 2026-04-07 · 06:38 UTC

#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183

https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json

#ot #advisory #cve #ocsaf #csaf

CERT@VDE @[email protected] · 2026-04-07 · 06:38 UTC

#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183

https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json

#csaf #ocsaf #cve #advisory #ot

BSI @[email protected] · 2023-10-06 · 13:28 UTC

Congratulations, Cybersecurity and Infrastructure Security Agency, and Jen Easterly (CISA) on publishing the #OT #Advisories as #oCSAF! 👏

This is an important step which will allow all asset owners a faster and more effective review of security advisories.
@certbund already put you up on our #oCSAF Lister: https://wid.cert-bund.de/.well-known/csaf-aggregator/aggregator.json

#ot #advisories #ocsaf

BSI @[email protected] · 2023-04-21 · 14:04 UTC

Die Zahl der Schwachstellen steigt - und damit der Aufwand in der Bewertung. Weil manuelle Verfahren an ihre Grenzen stoßen, braucht es Automatisierung.
#oCSAF ist eine internationale Initiative für eine einheitliche Lösung. Als BSI stellen wir Tools für eine Nutzung bereit.

Mehr Infos: 👉 https://www.bsi.bund.de/dok/954494

#DeutschlandDigitalSicherBSI

#ocsaf #deutschlanddigitalsicherbsi

BSI @[email protected] · 2023-04-21 · 13:03 UTC

Es lohnt sich, bis zum Ende auf der #HM23 zu bleiben: Heute um 15:25 Uhr stellen wir das Common Security Advisory Format #oCSAF & seine Vorteile im Umgang mit Sicherheitsschwachstellen auf der Industrie 4.0 Conference Stage, Halle 8, Stand D17, vor. #DeutschlandDigitalSicherBSI

#hm23 #ocsaf #deutschlanddigitalsicherbsi