Vulnerability / Key Information

Jumo: Predictable debug-interface password in variTRON series
ID: VDE-2025-086
Date: November 10, 2025, 12:00 PM
CVE: CVE-2025-41731
Description: A vulnerability in the debug interface password generation algorithm of the variTRON series. The password is generated based on the current Unix timestamp, making it predictable.

WAGO: Multiple Vulnerabilities in CODESYS components
ID: VDE-2025-062
Date: November 3, 2025, 12:00 PM
CVE: CVE-2025-1468, CVE-2025-0694, CVE-2025-2595
Description: Multiple WAGO firmware installations on various devices are affected by vulnerabilities in CODESYS components, impacting runtime, visualization, and OPC UA server.

Sauter: Multiple vulnerabilities in SAUTER modulo 6
ID: VDE-2025-060
Date: October 27, 2025, 12:00 PM
CVE: CVE-2025-41723, CVE-2025-41719, CVE-2025-41724, CVE-2025-41722, CVE-2025-41720, CVE-2025-41721
Description: Vulnerabilities discovered in the embedded firmware of SAUTER modulo 6 devices, affecting the embedded web server and interface with SAUTER CASE Suite.

Pilz: Vulnerability affecting PASvisu Runtime
ID: VDE-2025-093
Date: October 20, 2025, 12:00 PM
CVE: CVE-2025-51495
Description: PASvisu Runtime is affected by a vulnerability in a third-party component, exploitable via malicious web requests.

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
ID: VDE-2025-074
Date: October 15, 2025, 12:00 PM
CVE: CVE-2025-41699
Description: A vulnerability discovered in the firmware of CHARX SEC-3xxx charging controllers.

Murrelektronik: Cleartext Transmission of Sensitive Information in IMPACT67 Pro
ID: VDE-2025-091
Date: October 14, 2025, 12:00 PM
CVE: CVE-2025-41718
Description: The embedded web interface of MURRELEKTRONIK IMPACT67 Pro PN DIO8 IOL8 transmits login credentials via unencrypted HTTP using GET requests. The device does not support HTTPS/TLS, leading to exposure of sensitive information.

Phoenix Contact: Security Advisory for QUINT4-UPS EIP
ID: VDE-2025-072
Date: October 14, 2025, 8:00 AM
CVE: CVE-2025-41703, CVE-2025-41705, CVE-2025-41707, CVE-2025-41706, CVE-2025-41704
Description: Multiple vulnerabilities found in the firmware of QUINT4-UPS EIP devices. Unauthenticated remote attackers can exploit these to perform denial-of-service attacks and collect login credentials.

WAGO: Vulnerabilities in Device Sphere and Solution Builder
ID: VDE-2025-087
Date: September 24, 2025, 11:00 AM
CVE: CVE-2025-41715, CVE-2025-41716
Description: Due to missing authentication checks, WAGO Solution Builder and WAGO Device Sphere are vulnerable to potential information disclosure.