#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183

https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json

#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json


#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json


#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX

LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315

https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json


#OT #Advisory VDE-2026-002
Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation

A vulnerability has been identified in WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the solutions by Endress+Hauser.
#CVE CVE-2023-4911

https://certvde.com/en/advisories/vde-2026-002/
#oCSAF
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-002.json


#OT #Advisory VDE-2026-0001
JBL: DoS vulnerability in Flip 4

Any attacker in radio range can send malicious messages to cause the device to crash.
#CVE CVE-2025-41725

https://certvde.com/en/advisories/vde-2026-0001/

#CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2026/hbsa-2025-0003.json #oCSAF


#OT #Advisory VDE-2025-089
BLE ICM Vulnerability in JBL Headphones

The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet.
#CVE CVE-2024-2105

https://certvde.com/en/advisories/vde-2025-089/

#oCSAF #CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json


#OT #Advisory VDE-2024-076
BLE GATT Service Vulnerability in JBL Headphones

Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.
#CVE CVE-2024-2104

https://certvde.com/en/advisories/vde-2024-076/

#oCSAF #CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json


Congratulations, Cybersecurity and Infrastructure Security Agency, and Jen Easterly (CISA) on publishing the #OT #Advisories as #oCSAF! 👏

This is an important step which will allow all asset owners a faster and more effective review of security advisories.
@certbund already put you up on our #oCSAF Lister: https://wid.cert-bund.de/.well-known/csaf-aggregator/aggregator.json

The number of vulnerabilities is rising, and with it the effort required to assess them. Because manual processes are reaching their limits, automation is needed.
#oCSAF is an international initiative for a uniform solution. As the BSI, we provide tools for putting it to use.

More info: 👉 https://www.bsi.bund.de/dok/954494

#DeutschlandDigitalSicherBSI
