| Website | https://certvde.com |
| Advisories | https://certvde.com/en/advisories/ |
| GitHub | https://github.com/CERTVDE |
#OT #Advisory VDE-2026-013
Helmholz: Use of a Broken or Risky Cryptographic Algorithm
Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
#CVE CVE-2016-2183
https://certvde.com/en/advisories/vde-2026-013/
#oCSAF
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json
#OT #Advisory VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
#CVE CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617
https://certvde.com/en/advisories/vde-2026-030/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
#OT #Advisory VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub
The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
#CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798
https://certvde.com/en/advisories/vde-2026-021/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
#OT #Advisory VDE-2026-010
WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere
Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.
#CVE CVE-2025-55315, CVE-2026-2328
https://certvde.com/en/advisories/vde-2026-010/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-010.json
#OT #Advisory VDE-2026-018
CODESYS Control V3 - Externally-controlled format string in Auditlog
The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing logic, the impact is limited to a crash of the CODESYS Control runtime.
#CVE CVE-2026-3509
https://certvde.com/en/advisories/vde-2026-018/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-03_vde-2026-018.json
#OT #Advisory VDE-2026-011
CODESYS Control V3 - Untrusted boot application
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on the controller, users in the restricted Service group are allowed to perform maintenance operations, including explicitly replacing the boot application.
#CVE CVE-2025-41660
https://certvde.com/en/advisories/vde-2026-011/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-02_vde-2026-011.json
#OT #Advisory VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual
Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-025/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-025.json
#OT #Advisory VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-024/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-024.json
#OT #Advisory VDE-2026-020
WAGO: Vulnerability in managed switches
A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
#CVE CVE-2026-3587
https://certvde.com/en/advisories/vde-2026-020/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json
