#OT #Advisory VDE-2026-070
Helmholz: Authenticated unintended access to critical program parameters in myREX24V2/myREX24V2.virtual

There is a vulnerability in myREX24V2/myREX24V2.virtual that allows an authenticated remote attacker to access a hidden configuration method, which should not be accessible to any user, to modify critical program parameters.
#CVE CVE-2026-10521

https://certvde.com/en/advisories/vde-2026-070/

#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-070.json

#OT #Advisory VDE-2026-071
JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices

Multiple products from JUMO are affected by the webserver vulnerabilities CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DoS of the device by using a misfortune cookie and reflected XSS attacks.
#CVE CVE-2014-9222, CVE-2013-6786, CVE-2014-9223

https://certvde.com/en/advisories/vde-2026-071/

#CSAF https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json

#OT #Advisory VDE-2026-068
MB connect line: Authenticated unintended access to critical program parameters in mbCONNECT24/mymbCONNECT24

There is a vulnerability in mbCONNECT24/mymbCONNECT24 that allows an authenticated remote attacker to access a hidden configuration method, which should not be accessible to any user, to modify critical program parameters.
#CVE CVE-2026-10521

https://certvde.com/en/advisories/vde-2026-068/

#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-068.json

#OT #Advisory VDE-2026-051
iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator

Remote Code Execution (RCE) running under the service user account, thereby allowing privilege escalation.
#CVE CVE-2026-8024

https://certvde.com/en/advisories/vde-2026-051/
#oCSAF
#CSAF https://iba.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-051.json

#OT #Advisory VDE-2026-038
TURCK: Multiple Vulnerabilities in Managed Ethernet Switches

Multiple vulnerabilities have been identified in the TBEN-Lx-SE-M2 firmware prior to version 2.1.2.0 in Managed Ethernet Switches.
#CVE CVE-2025-68615, CVE-2026-5416

https://certvde.com/en/advisories/vde-2026-038/

#CSAF https://turck.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-038.json

👉 You follow us, the BSI, here in the Fediverse and don't want to miss any IT security advisory from our CERT-Bund, the Computer Emergency Response Team for federal authorities? Then also follow @certbund, the central point of contact for preventive and reactive measures in security-related incidents in computer systems.

CERT-Bund is a member of the EU's #CSIRTsNetwork and a strong supporter of the Common Security Advisory Framework #CSAF.

Feel free to spread the word! 🔄

#OT #Advisory VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
#CVE CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

https://certvde.com/en/advisories/vde-2026-064/

#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-064.json

#OT #Advisory VDE-2026-059
Helmholz: Multiple vulnerabilities in REX100/REX200/REX250

Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
#CVE CVE-2026-40851, CVE-2026-40852

https://certvde.com/en/advisories/vde-2026-059/

#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-059.json

#OT #Advisory VDE-2026-054
MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
#CVE CVE-2026-40851, CVE-2026-40852

https://certvde.com/en/advisories/vde-2026-054/

#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-054.json

#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820

https://certvde.com/en/advisories/vde-2026-058/

#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
