est. 2017
Supporting OT/ICS Security.
#CVE #CSAF #Advisory #OT
We are the #CNA for:
365FarmNet, ads-tec Industrial IT, AKG, AMX, Auma, Beckhoff, Bender, Bucher Automation, Carlo Gavazzi Controls, CLAAS, Codesys, Dräger, DURAG, Endress+Hauser, Etherwan Systems, Euchner, Festo, Festo Didactic, Frauscher, Futronic, GEA, Harman International, Helmholz, Hilscher, HIMA, HYDAC, HYDAC Electronic GmbH, HYDAC Software GmbH, HYDAC Filter Systems GmbH, TTControl, ifm, Innominate, JBL, Jetter, JUMO, K4 DIGITAL, KEB, Kendrion, KEBA, KROHNE, KUKA, KUHNKE, Lenze, M&M Software, MB connect line, Miele, Murrelektronik, NEOCEPTION, Pepperl+Fuchs, PHOENIX CONTACT, Pilz, Red Lion Europe, Satinfo, SMA, SWARCO, Sysmik, TRUMPF, VARTA Storage, VEGA, VMT Vision Machine Technic, WAGO, Weidmueller, Welotec, Wiesemann & Theis.
See https://certvde.com/en/cna/ for details.
#OT #Advisory VDE-2026-006
Pilz: Multiple Vulnerabilities affecting the PIT User Authentication Service
The PIT User Authentication Service is affected by multiple vulnerabilities in included third-party components.
#CVE CVE-2025-31650, CVE-2025-48988, CVE-2025-12383, CVE-2025-61795
https://certvde.com/en/advisories/vde-2026-006/
#CSAF https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2026/ppsa-2026-001.json
#OT #Advisory VDE-2025-092
Beckhoff: Privilege escalation and information leak via Beckhoff Device Manager
The vulnerability CVE-2025-41726 (NN-2025-0074) allows an authenticated remote user to execute arbitrary commands on the device. This can be exploited over the web UI or via API. In one case the execution of the arbitrary command happens within a privileged process.
#CVE CVE-2025-41726, CVE-2025-41727, CVE-2025-41728
https://certvde.com/en/advisories/vde-2025-092/
#CSAF https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-092.json
#OT #Advisory VDE-2025-107
Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities
Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.
#CVE CVE-2022-33259, CVE-2022-33211, CVE-2022-25740, CVE-2022-25729, CVE-2022-25678, CVE-2020-3686, CVE-2020-11170, CVE-2019-2320, CVE-2019-2303, CVE-2019-14062, CVE-2019-10612, CVE-2019-10609, CVE-2019-10586, CVE-2019-10516, CVE-2019-10511, CVE-2019-10500, CVE-2019-10487, CVE-2020-3670, CVE-2020-3634, CVE-2020-11190, CVE-2020-11189, CVE-2020-11188, CVE-2020-11171, CVE-2020-11166, CVE-2020-11144, CVE-2019-14033, CVE-2019-14020, CVE-2019-14019, CVE-2019-14011, CVE-2019-10577, CVE-2019-10554, CVE-2019-10553, CVE-2019-10552, CVE-2020-11269, CVE-2020-11177, CVE-2022-25698, CVE-2022-25697, CVE-2022-25695, CVE-2023-21625, CVE-2022-33235, CVE-2022-33229, CVE-2022-33228, CVE-2022-33222, CVE-2022-25747, CVE-2022-25738, CVE-2022-25732, CVE-2022-25730, CVE-2022-25728, CVE-2022-25726, CVE-2020-11251, CVE-2020-11191, CVE-2020-3624, CVE-2020-3622, CVE-2020-11204, CVE-2020-11178, CVE-2019-14094, CVE-2019-14077, CVE-2019-14076, CVE-2019-14074, CVE-2019-14071, CVE-2019-14066, CVE-2019-14065, CVE-2019-14056, CVE-2019-14050, CVE-2019-14030, CVE-2019-14015, CVE-2019-14000, CVE-2019-13999, CVE-2019-13998, CVE-2019-13995, CVE-2019-13994, CVE-2019-10628, CVE-2019-10615, CVE-2019-10527, CVE-2022-33304, CVE-2022-33238, CVE-2022-33223, CVE-2022-33213, CVE-2022-25739, CVE-2022-25737, CVE-2022-25735, CVE-2022-25734, CVE-2022-25733, CVE-2022-25731, CVE-2022-25702, CVE-2021-30273, CVE-2020-11226, CVE-2020-11145, CVE-2019-2337, CVE-2019-2335, CVE-2019-14022, CVE-2019-10485, CVE-2019-14101, CVE-2019-14043, CVE-2019-14042, CVE-2019-10574, CVE-2019-14119, CVE-2019-10482, CVE-2020-3644, CVE-2020-3643, CVE-2020-3621, CVE-2020-3620, CVE-2019-2295, CVE-2019-14115, CVE-2019-14067, CVE-2019-14007, CVE-2019-10513, CVE-2020-11293
https://certvde.com/en/advisories/vde-2025-107/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-107.json
#OT #Advisory VDE-2025-106
Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.
#CVE CVE-2025-41768
https://certvde.com/en/advisories/vde-2025-106/
#CSAF https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-106.json
#OT #Advisory VDE-2025-073
Phoenix Contact: Security Advisory for TC ROUTER and CLOUD CLIENT Industrial mobile network routers
A code injection vulnerability at the upload-config endpoint in the firmware of TC ROUTER and CLOUD CLIENT Industrial Mobile network routers has been discovered that can be exploited by an high privileged attacker.
#CVE CVE-2025-41717
https://certvde.com/en/advisories/vde-2025-073/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-073.json
#OT #Advisory VDE-2025-089
BLE ICM Vulnerability in JBL Headphones
The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet.
#CVE CVE-2024-2105
https://certvde.com/en/advisories/vde-2025-089/
#oCSAF #CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json
#OT #Advisory VDE-2024-076
BLE GATT Service Vulnerability in JBL Headphones
Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.
#CVE CVE-2024-2104
https://certvde.com/en/advisories/vde-2024-076/
#oCSAF #CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json
#OT #Advisory VDE-2025-071
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx firmware prior to version 3.50. Two of these (CVE-2025-41692 and CVE-2025-41696) enable an attacker to access the device's file system. Two other vulnerabilities (CVE-2025-41693 and CVE-2025-41694) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2025-41697) allows an unauthenticated physical attacker to access a login shell via an undocumented UART port. Furthermore, there are multiple vulnerabilities relating to reflected cross-site scripting in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.50.
#CVE CVE-2025-41752, CVE-2025-41751, CVE-2025-41750, CVE-2025-41749, CVE-2025-41748, CVE-2025-41747, CVE-2025-41746, CVE-2025-41745, CVE-2025-41695, CVE-2025-41697, CVE-2025-41692, CVE-2025-41694, CVE-2025-41696, CVE-2025-41693
https://certvde.com/en/advisories/vde-2025-071/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-071.json
#OT #Advisory VDE-2025-105
Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability
A vulnerability in Wibu-Systems CodeMeter (up to version 7.60b) affects multiple Endress+Hauser products. This flaw can lead to a heap buffer overflow, which may allow remote code execution under certain conditions.
#CVE CVE-2023-3935
https://certvde.com/en/advisories/vde-2025-105/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-105.json
#OT #Advisory VDE-2025-101
CODESYS Development System - Deserialization of Untrusted Data
A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS development system could execute arbitrary code when a user opens these files and configures the print/printer options or prints the project or parts of it. This arbitrary code would be executed in the context of the user who was tricked into opening the project.
#CVE CVE-2025-41700
https://certvde.com/en/advisories/vde-2025-101/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-11_vde-2025-101.json
#OT #Advisory VDE-2025-100
CODESYS Control - Invalid type usage in visualization
A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
#CVE CVE-2025-41738
https://certvde.com/en/advisories/vde-2025-100/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-10_vde-2025-100.json
#OT #Advisory VDE-2025-099
CODESYS Control - Linux/QNX SysSocket flaw
A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by affected CODESYS products and by applications running on the PLC.
#CVE CVE-2025-41739
https://certvde.com/en/advisories/vde-2025-099/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-09_vde-2025-099.json
#OT #Advisory VDE-2025-094
Janitza: Vulnerability in Modbus interface of UMG 96-PA and UMG 96-PA-MID+
A vulnerability in the devices UMG 96-PA and UMG 96-PA-MID+ enables an unauthenticated remote attacker to cause the device to become unavailable.
#CVE CVE-2025-41729
https://certvde.com/en/advisories/vde-2025-094/
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-094.json
#OT #Advisory VDE-2025-097
METZ CONNECT: Config API – Authentication bypass leads to admin takeover in EWIO2 series
A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional.
#CVE CVE-2025-41734, CVE-2025-41733, CVE-2025-41736, CVE-2025-41735, CVE-2025-41737
https://certvde.com/en/advisories/vde-2025-097/
#CSAF https://metz-connect.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-097.json
#OT #Advisory VDE-2025-086
Jumo: Predictable debug-interface password in variTRON series
Unauthorized root-access to the UART and ssh Interface.
#CVE CVE-2025-41731
https://certvde.com/en/advisories/vde-2025-086/
#CSAF https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-086.json
#OT #Advisory VDE-2025-062
WAGO: Multiple Vulnerabilities in CODESYS components
Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. These affect the runtime, visualization, and OPC UA server.
#CVE CVE-2025-1468, CVE-2025-0694, CVE-2025-2595
https://certvde.com/en/advisories/vde-2025-062/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-062.json
#OT #Advisory VDE-2025-093
Pilz: Vulnerability affecting PASvisu Runtime
The PASvisu Runtime is affected by a vulnerability in a third-party component which can be exploited by a malicious web request.
#CVE CVE-2025-51495
https://certvde.com/en/advisories/vde-2025-093/
#CSAF https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2025/ppsa-2025-004.json
#OT #Advisory VDE-2025-091
Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro
User credentials, sent to the devices Webserver, are exposed to an attacker in the same network or network segment. The datas confidentiallity is compromised.
#CVE CVE-2025-41718
https://certvde.com/en/advisories/vde-2025-091/
#CSAF https://murrelektronik.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-091.json
#OT #Advisory VDE-2025-074
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
A vulnerability in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
#CVE CVE-2025-41699
https://certvde.com/en/advisories/vde-2025-074/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json
#OT #Advisory VDE-2025-072
Phoenix Contact: Security Advisory for QUINT4-UPS EIP
Multiple vulnerabilities were discovered in the firmware of QUINT4-UPS EIP devices that can be used by an unauthenticated remote attacker to perform Denial of Service attacks and to gather login credentials for the Webfrontend.
#CVE CVE-2025-41703, CVE-2025-41705, CVE-2025-41707, CVE-2025-41706, CVE-2025-41704
https://certvde.com/en/advisories/vde-2025-072/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-072.json