#OT #Advisory VDE-2025-020
WAGO: Switches affected by year 2k38 problem
#CVE CVE-2025-1235
https://certvde.com/en/advisories/VDE-2025-020
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-020.json
#OT #Advisory VDE-2025-044
Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities
#CVE CVE-2025-41651, CVE-2025-41652, CVE-2025-41649, CVE-2025-41650, CVE-2025-41653
https://certvde.com/en/advisories/VDE-2025-044
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-044.json
#OT #Advisory VDE-2025-041
Weidmueller: ResMa is affected by a Vulnerability for ASP.NET AJAX
Weidmueller product ResMa is affected by an ASP.NET AJAX vulnerability.
Weidmueller has released a new firmware for the affected product to fix the vulnerability.
#CVE CVE-2025-3600
https://certvde.com/en/advisories/VDE-2025-041
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-041.json
#OT #Advisory #Update VDE-2023-046
WAGO: Multiple products vulnerable to local file inclusion
An attacker with administrative privileges who can access sensitive files can additionally access them in an unintended, undocumented way.
UPDATE 07.05.2025: The fixed versions have been updated, because the previously mentioned versions are still vulnerable to this issue. More details have been added to the hardware devices. More affected version numbers were added to the firmwares.
#CVE CVE-2023-4089
https://certvde.com/en/advisories/VDE-2023-046
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-046.json
Searching for an #OT #Advisory?
Want it machine readable?
Have a look at our #csaf aggregator https://aggregator.certvde.com for advisories of 35+ OT and #ICS vendors that partner with CERT@VDE.
See https://certvde.com/en/more/csaf/ for a full list of the trusted providers used on the aggregator.
Automating finding and parsing of security advisories? That is what the Common Security Advisory Framework (CSAF) attempts to do. https://csaf.io. There are going to be workshops and community days in the 2nd week of December in Germany. See https://csaf.io/workshop/ .
The call for presentations is until the 3rd of November. The location is still to be announced within Germany. I guess Munich or Bonn. (My company is contracted by the BSI to help with CSAF software and spec)
My slides from the workshop at the Huawei Cyber Security Week https://www.fukami.eu/d/ossf-huawei-hcstcbxl-620.pdf
vulnerability-lookup version v0.7.0 has been released.
- News feed added
- Support for CSAF sources (CERT Bund, RedHat, Siemens, CISA, CISCO, Nozomi Networks, OpenXchange, SICK)
- OSSF Malicious packages repository
- Pagination for recent vulnerabilities (API & Web)
Source code https://github.com/cve-search/vulnerability-lookup/releases/tag/v0.7.0
Vulnerability lookup online https://vulnerability.circl.lu/