CERT@VDEJun 18

#OT #Advisory VDE-2026-051
iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator

Remote Code Execution (RCE) running under the service user account, thereby allowing privilege escalation.
#CVE CVE-2026-8024

https://certvde.com/en/advisories/vde-2026-051/
#oCSAF
#CSAF https://iba.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-051.json

iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator

CERT@VDEApr 23

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

https://certvde.com/en/advisories/vde-2026-040/
#oCSAF
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json

CODESYS EtherNetIP - Improper timeout handling

CERT@VDEApr 23

#OT #Advisory VDE-2026-029
METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

MX/MR firmware V2.0.0 or earlier is affected by the OpenSSL vulnerability CVE-2025-15467.
#CVE CVE-2025-15467

https://certvde.com/en/advisories/vde-2026-029/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-029.json

METTLER TOLEDO: OpenSSL vulnerability in MX and MR balances

CERT@VDEApr 9

#OT #Advisory VDE-2024-008
Wago: Vulnerability in WBM through Open VPN

A security vulnerability has been identified in the Web-Based Management (WBM) function when OpenVPN is enabled.
#CVE CVE-2024-1490

https://certvde.com/en/advisories/vde-2024-008/
#oCSAF
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2024-008.json

Wago: Vulnerability in WBM through Open VPN

CERT@VDEApr 7

#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183

https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json

CERT@VDEMar 10

#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json

Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

CERT@VDEMar 10

#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json

Janitza: Multiple vulnerabilities in UMG 96RM-E

CERT@VDEMar 4

#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX

LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315

https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json

METTLER TOLEDO: ASP.NET core vulnerability in LabX

CERT@VDEMar 2

#OT #Advisory VDE-2026-002
Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation

A vulnerability has been identified in WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the solutions by Endress+Hauser.
#CVE CVE-2023-4911

https://certvde.com/en/advisories/vde-2026-002/
#oCSAF
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-002.json

Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation

CERT@VDEFeb 18

#OT #Advisory VDE-2026-0001
JBL: DoS vulnerability in Flip 4

Any attacker in radio range can send malicious messages to cause the device to crash.
#CVE CVE-2025-41725

https://certvde.com/en/advisories/vde-2026-0001/

#CSAF https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2026/hbsa-2025-0003.json #oCSAF

JBL: DoS vulnerability in Flip 4