Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-3323 (GCVE-0-2026-3323)
Vulnerability from cvelistv5 – Published: 2026-04-28 10:24 – Updated: 2026-04-28 12:11- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://certvde.com/en/advisories/VDE-2026-016 | vendor-advisory |
| https://vega.csaf-tp.certvde.com/.well-known/csaf… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| VEGA Grieshaber | VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL) |
Affected:
1.0.0
|
|
| VEGA Grieshaber | VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL) |
Affected:
1.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:10:38.211626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:11:34.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"vendor": "VEGA Grieshaber",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"vendor": "VEGA Grieshaber",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Product Security Unit at VEGA Grieshaber KG"
}
],
"datePublic": "2026-04-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.\u003cbr\u003e"
}
],
"value": "An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T10:24:19.411Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2026-016"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json"
}
],
"source": {
"advisory": "VDE-2026-016",
"defect": [
"CERT@VDE#641966"
],
"discovery": "INTERNAL"
},
"title": "VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-3323",
"datePublished": "2026-04-28T10:24:19.411Z",
"dateReserved": "2026-02-27T11:10:05.931Z",
"dateUpdated": "2026-04-28T12:11:34.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-3323",
"date": "2026-07-09",
"epss": "0.00405",
"percentile": "0.32559"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-3323\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2026-04-28T11:16:05.967\",\"lastModified\":\"2026-06-17T10:43:24.137\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.\"}],\"affected\":[{\"source\":\"info@cert.vde.com\",\"affectedData\":[{\"vendor\":\"VEGA Grieshaber\",\"product\":\"VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"1.0.0\",\"status\":\"affected\"}]},{\"vendor\":\"VEGA Grieshaber\",\"product\":\"VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"1.1.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-28T12:10:38.211626Z\",\"id\":\"CVE-2026-3323\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vega:vegapuls_6x_firmware:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA4A5882-65D9-44A6-9A9B-2A0B1F644CA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vega:vegapuls_6x_firmware:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F505C3EA-1CD8-4219-9756-2E74D83EEA4A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vega:vegapuls_6x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"191D2BDC-D3D4-494B-9FFA-C808FAA3298F\"}]}]}],\"references\":[{\"url\":\"https://certvde.com/en/advisories/VDE-2026-016\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2026-06-05T19:21:36+00:00",
"cve": "CVE-2026-3323",
"id": "CVE-2026-3323",
"initial_release_date": "2026-04-22T10:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3323.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)\", \"vendor\": \"VEGA Grieshaber\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)\", \"vendor\": \"VEGA Grieshaber\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.0.0:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"negate\": false, \"operator\": \"OR\"}, {\"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.0:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"negate\": false, \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Product Security Unit at VEGA Grieshaber KG\"}], \"datePublic\": \"2026-04-22T10:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.\u003cbr\u003e\"}], \"value\": \"An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2026-04-28T10:24:19.411Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://certvde.com/en/advisories/VDE-2026-016\"}, {\"tags\": [\"vendor-advisory\"], \"url\": \"https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json\"}], \"source\": {\"advisory\": \"VDE-2026-016\", \"defect\": [\"CERT@VDE#641966\"], \"discovery\": \"INTERNAL\"}, \"title\": \"VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3323\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-28T12:10:38.211626Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-28T12:11:11.751Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-3323\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"CERTVDE\", \"dateReserved\": \"2026-02-27T11:10:05.931Z\", \"datePublished\": \"2026-04-28T10:24:19.411Z\", \"dateUpdated\": \"2026-04-28T12:11:34.980Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-3323
Vulnerability from fkie_nvd - Published: 2026-04-28 11:16 - Updated: 2026-06-17 10:43| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://certvde.com/en/advisories/VDE-2026-016 | Third Party Advisory | |
| info@cert.vde.com | https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json | Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| vega | vegapuls_6x_firmware | 1.0.0 | |
| vega | vegapuls_6x_firmware | 1.1.0 | |
| vega | vegapuls_6x | - |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"vendor": "VEGA Grieshaber",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"vendor": "VEGA Grieshaber",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"source": "info@cert.vde.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vega:vegapuls_6x_firmware:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4A5882-65D9-44A6-9A9B-2A0B1F644CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vega:vegapuls_6x_firmware:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F505C3EA-1CD8-4219-9756-2E74D83EEA4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vega:vegapuls_6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "191D2BDC-D3D4-494B-9FFA-C808FAA3298F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes."
}
],
"id": "CVE-2026-3323",
"lastModified": "2026-06-17T10:43:24.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-3323",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:10:38.211626Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-28T11:16:05.967",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://certvde.com/en/advisories/VDE-2026-016"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
GHSA-RJQM-M642-MM46
Vulnerability from github – Published: 2026-04-28 12:31 – Updated: 2026-04-28 12:31An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
{
"affected": [],
"aliases": [
"CVE-2026-3323"
],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T11:16:05Z",
"severity": "HIGH"
},
"details": "An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.",
"id": "GHSA-rjqm-m642-mm46",
"modified": "2026-04-28T12:31:31Z",
"published": "2026-04-28T12:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3323"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2026-016"
},
{
"type": "WEB",
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
VDE-2026-016
Vulnerability from csaf_vegagrieshaberkg - Published: 2026-04-22 09:00 - Updated: 2026-06-24 10:00An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Product Security Unit at VEGA Grieshaber KG",
"summary": "reporting",
"urls": [
"https://www.vega.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "high"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.\n\nIt was found that users with no or low rights can access information from devices that should not be available to them.\n\nAn attacker can use this information to impersonate authorized users.",
"title": "Summary"
},
{
"category": "description",
"text": "An unauthenticated attacker can obtain sensitive information, potentially enabling authenticated device modification.",
"title": "Impact"
},
{
"category": "description",
"text": "Implement access controls for physical interfaces to prevent unauthorized access.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the fixed firmware versions listed in this advisory. Rotate any credentials used on affected devices as they may have been compromised. Contact VEGA Support if emergency code rotation is necessary based on your risk assessment.\n\nFixed Version:\n* Firmware 1.1.1 installed on VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"title": "Remediation"
},
{
"category": "general",
"text": "Implement access controls for physical interfaces to prevent unauthorized access.",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@vega.com",
"name": "VEGA Grieshaber KG",
"namespace": "https://vega.com"
},
"references": [
{
"category": "external",
"summary": "VEGA Grieshaber PSIRT",
"url": "https://www.vega.com/en-us/company/legal-notice/information-on-cyber-security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for VEGA Grieshaber",
"url": "https://certvde.com/en/advisories/vendor/vega"
},
{
"category": "self",
"summary": "VDE-2026-016: VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-016"
},
{
"category": "self",
"summary": "VDE-2026-016: VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation - CSAF",
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json"
}
],
"title": "VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation",
"tracking": {
"aliases": [
"VDE-2026-016"
],
"current_release_date": "2026-06-24T10:00:00.000Z",
"generator": {
"date": "2026-06-24T08:37:11.878Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-016",
"initial_release_date": "2026-04-22T09:00:00.000Z",
"revision_history": [
{
"date": "2026-04-22T09:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
},
{
"date": "2026-06-24T10:00:00.000Z",
"number": "1.0.1",
"summary": "Added fixed Version to document notes remediation"
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"product": {
"name": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_pn_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????Y????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0.0",
"product": {
"name": "Firmware 1.0.0",
"product_id": "CSAFPID-21001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.0.0:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.1.0",
"product": {
"name": "Firmware 1.1.0",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.0:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.1.1",
"product": {
"name": "Firmware 1.1.1",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)"
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "VEGA Grieshaber KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0.0 installed on VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.0.0:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????Y????????"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.1.0 installed on VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.0:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????Y????????"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.1.1 installed on VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_pn_firmware:1.1.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????Y????????"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-3323",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.",
"title": "CVE Description"
},
{
"category": "details",
"text": "Due to different bus and network interfaces the affected products have different CVSS vectors. Please see the scores listed in the CSAF for details.",
"title": "Vulnerability details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Disable the network service \u0027FDI over PROFINET\u0027 if not needed. Implement access control to physical interfaces to prevent unauthorized access.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
{
"category": "vendor_fix",
"details": "Update to fixed firmware versions listed in this advisory.\n\nRotate any credentials that were used on the affected devices as they may have been compromised.\n\nContact VEGA Support if rotating emergency codes is necessary based on your risk assessment.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"restart_required": {
"category": "vulnerable_component",
"details": "A restart of the vulnerable component is required after applying the firmware update."
},
"url": "https://www.vega.com/en-us/downloads"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Privilege escalation through unsecured configuration interface"
}
]
}
VDE-2026-046
Vulnerability from csaf_vegagrieshaberkg - Published: 2026-05-04 06:00 - Updated: 2026-06-24 10:00An unsecured configuration interface on the affected devices allows an unauthenticated remote attacker to gain sensitive information like hashed credentials and access codes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31002 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31003 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31004 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31005 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31006 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31007 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31008 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31009 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31010 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31011 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31012 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31013 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31014 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31015 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31016 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31017 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31018 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31019 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31020 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31021 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31022 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31023 | — |
Mitigation
Vendor Fix
fix
|
|
|
CVE-2026-3323 Reference Score
VEGA Grieshaber KG / Firmware
|
— |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Product Security Unit at VEGA Grieshaber KG",
"summary": "reporting",
"urls": [
"https://www.vega.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.\n\nIt was found that users with no or low rights can access information from devices that should not be available to them.\n\nAn attacker can use this information to impersonate authorized users.",
"title": "Summary"
},
{
"category": "description",
"text": "An unauthenticated attacker can obtain sensitive information, potentially enabling authenticated device modification.",
"title": "Impact"
},
{
"category": "description",
"text": "Implement access controls for physical interfaces to prevent unauthorized access.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the fixed firmware versions listed in this advisory. Rotate any credentials used on affected devices as they may have been compromised. Contact VEGA Support if emergency code rotation is necessary based on your risk assessment.\n\nFixed Versions:\n* Firmware 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART\n* Firmware 1.4.1 installed on VEGAPULS 6X Two-wire 4_20 mA/HART\n* Firmware 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA\n* Firmware 1.4.1 installed on VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA\n* Firmware 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)\n* Firmware 1.4.1 installed on VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)\n* Firmware 1.3.2 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz\n* Firmware 1.4.1 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz\n* Firmware 1.3.2 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC\n* Firmware 1.4.1 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC\n* Firmware 1.2.3 installed on VEGAPULS C 21 Two-wire 4_20 mA/HART\n* Firmware 1.2.2 installed on VEGAPULS C 21 Four-wire Modbus\n* Firmware 1.2.3 installed on VEGAPULS 21 Two-wire 4_20 mA/HART\n* Firmware 1.2.3 installed on VEGAPULS 31 Two-wire 4_20 mA/HART\n* Firmware 1.2.1 installed on VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA\n* Firmware 1.2.3 installed on VEGAPULS C 22 Two-wire 4_20 mA/HART\n* Firmware 1.2.3 installed on VEGAPULS C 23 Two-wire 4_20 mA/HART\n* Firmware 1.2.2 installed on VEGAPULS C 22 Four-wire Modbus\n* Firmware 1.2.2 installed on VEGAPULS C 23 Four-wire Modbus\n* Firmware 1.1.1 installed on VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL)\n* Firmware 1.0.1 installed on VEGAPULS 6X Two-wire Profibus PA\n* Firmware 1.3.2 installed on VEGAPULS 6X Four-wire Modbus\n* Firmware 1.4.1 installed on VEGAPULS 6X Four-wire Modbus",
"title": "Remediation"
},
{
"category": "general",
"text": "Implement access controls for physical interfaces to prevent unauthorized access.",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@vega.com",
"name": "VEGA Grieshaber KG",
"namespace": "https://vega.com"
},
"references": [
{
"category": "external",
"summary": "VEGA Grieshaber PSIRT",
"url": "https://www.vega.com/en-us/company/legal-notice/information-on-cyber-security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for VEGA Grieshaber",
"url": "https://certvde.com/en/advisories/vendor/vega"
},
{
"category": "self",
"summary": "VDE-2026-046: VEGA: Missing Authentication for critical function in VEGAPULS two- and four-wire products - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-046"
},
{
"category": "self",
"summary": "VDE-2026-046: VEGA: Missing Authentication for critical function in VEGAPULS two- and four-wire products - CSAF",
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-046.json"
}
],
"title": "VEGA: Missing Authentication for critical function in VEGAPULS two- and four-wire products",
"tracking": {
"aliases": [
"VDE-2026-046"
],
"current_release_date": "2026-06-24T10:00:00.000Z",
"generator": {
"date": "2026-06-24T08:45:12.086Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-046",
"initial_release_date": "2026-05-04T06:00:00.000Z",
"revision_history": [
{
"date": "2026-05-04T06:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Release"
},
{
"date": "2026-05-04T09:00:00.000Z",
"number": "1.0.1",
"summary": "Updated Title"
},
{
"date": "2026-06-24T10:00:00.000Z",
"number": "1.0.2",
"summary": "Added fixed versions to document notes remediation"
}
],
"status": "final",
"version": "1.0.2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART",
"product": {
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_4to20hart_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????H????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA",
"product": {
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_4to20hartplussecondcurrentoutput_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????9????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)",
"product": {
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_4to20hartovervoltprot_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????A????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz",
"product": {
"name": "VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_4to20harthighvolt_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????B????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC",
"product": {
"name": "VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_4to20hartlowvolt_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????I????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 21 Two-wire 4_20 mA/HART",
"product": {
"name": "VEGAPULS C 21 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc21_4to20hart_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????H?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 22 Two-wire 4_20 mA/HART",
"product": {
"name": "VEGAPULS C 22 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc22_4to20hart_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????H?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 23 Two-wire 4_20 mA/HART",
"product": {
"name": "VEGAPULS C 23 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc23_4to20hart_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????H?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 21 Four-wire Modbus",
"product": {
"name": "VEGAPULS C 21 Four-wire Modbus",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc21_modbus_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????W?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 22 Four-wire Modbus",
"product": {
"name": "VEGAPULS C 22 Four-wire Modbus",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc22_modbus_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????W?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 23 Four-wire Modbus",
"product": {
"name": "VEGAPULS C 23 Four-wire Modbus",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc23_modbus_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????W?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 21 Two-wire 4_20 mA/HART",
"product": {
"name": "VEGAPULS 21 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls21_4to20hart_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS21.???????H?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-21"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 31 Two-wire 4_20 mA/HART",
"product": {
"name": "VEGAPULS 31 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls31_4to20hart_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS31.???????H?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-31"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA",
"product": {
"name": "VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls42_iolink_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS42.????????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-42"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL)",
"product": {
"name": "VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_ethip_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????X????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Two-wire Profibus PA",
"product": {
"name": "VEGAPULS 6X Two-wire Profibus PA",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_profibuspa_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????P????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS 6X Four-wire Modbus",
"product": {
"name": "VEGAPULS 6X Four-wire Modbus",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls6x_modbus_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????W????????"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003e=1.4.0|\u003c1.4.1",
"product": {
"name": "Firmware \u003e= 1.4.0 and \u003c 1.4.1",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.4.1",
"product": {
"name": "Firmware 1.4.1",
"product_id": "CSAFPID-22002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:1.4.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003e=1.4.0|\u003c1.4.1",
"product": {
"name": "Firmware \u003e= 1.4.0 and \u003c 1.4.1",
"product_id": "CSAFPID-21004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.4.1",
"product": {
"name": "Firmware 1.4.1",
"product_id": "CSAFPID-22004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:1.4.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003e=1.4.0|\u003c1.4.1",
"product": {
"name": "Firmware \u003e= 1.4.0 and \u003c 1.4.1",
"product_id": "CSAFPID-21006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.4.1",
"product": {
"name": "Firmware 1.4.1",
"product_id": "CSAFPID-22006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:1.4.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21007",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003e=1.4.0|\u003c1.4.1",
"product": {
"name": "Firmware \u003e= 1.4.0 and \u003c 1.4.1",
"product_id": "CSAFPID-21008",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22007",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.4.1",
"product": {
"name": "Firmware 1.4.1",
"product_id": "CSAFPID-22008",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:1.4.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21009",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003e=1.4.0|\u003c1.4.1",
"product": {
"name": "Firmware \u003e= 1.4.0 and \u003c 1.4.1",
"product_id": "CSAFPID-21010",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22009",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.4.1",
"product": {
"name": "Firmware 1.4.1",
"product_id": "CSAFPID-22010",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:1.4.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21011",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22011",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 21 Two-wire 4_20 mA/HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21016",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22016",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 22 Two-wire 4_20 mA/HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21017",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22017",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 23 Two-wire 4_20 mA/HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.2",
"product": {
"name": "Firmware \u003c 1.2.2",
"product_id": "CSAFPID-21012",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_modbus_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.2",
"product": {
"name": "Firmware 1.2.2",
"product_id": "CSAFPID-22012",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_modbus_firmware:1.2.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 21 Four-wire Modbus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.2",
"product": {
"name": "Firmware \u003c 1.2.2",
"product_id": "CSAFPID-21018",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_modbus_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.2",
"product": {
"name": "Firmware 1.2.2",
"product_id": "CSAFPID-22018",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_modbus_firmware:1.2.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 22 Four-wire Modbus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.2",
"product": {
"name": "Firmware \u003c 1.2.2",
"product_id": "CSAFPID-21019",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_modbus_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.2",
"product": {
"name": "Firmware 1.2.2",
"product_id": "CSAFPID-22019",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_modbus_firmware:1.2.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 23 Four-wire Modbus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21013",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls21_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-21"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22013",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls21_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-21"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 21 Two-wire 4_20 mA/HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21014",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls31_4to20hart_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-31"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22014",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls31_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-31"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 31 Two-wire 4_20 mA/HART"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.1",
"product": {
"name": "Firmware \u003c 1.2.1",
"product_id": "CSAFPID-21015",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls42_iolink_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-42"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.1",
"product": {
"name": "Firmware 1.2.1",
"product_id": "CSAFPID-22015",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls42_iolink_firmware:1.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-42"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.1.1",
"product": {
"name": "Firmware \u003c 1.1.1",
"product_id": "CSAFPID-21020",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_ethip_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.1.1",
"product": {
"name": "Firmware 1.1.1",
"product_id": "CSAFPID-22020",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_ethip_firmware:1.1.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.0.1",
"product": {
"name": "Firmware \u003c 1.0.1",
"product_id": "CSAFPID-21021",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_profibuspa_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.0.1",
"product": {
"name": "Firmware 1.0.1",
"product_id": "CSAFPID-22021",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_profibuspa_firmware:1.0.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Two-wire Profibus PA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21022",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version_range",
"name": "vers:generic/\u003e=1.4.0|\u003c1.4.1",
"product": {
"name": "Firmware = 1.4.0",
"product_id": "CSAFPID-21023",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22022",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
},
{
"category": "product_version",
"name": "1.4.1",
"product": {
"name": "Firmware 1.4.1",
"product_id": "CSAFPID-22023",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:1.4.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-6x"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 6X Four-wire Modbus"
},
{
"category": "product_name",
"name": "CVE Reference Score",
"product": {
"name": "CVE-2026-3323 Reference Score",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "VEGA Grieshaber KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????H????????"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware = 1.4.0 installed on VEGAPULS 6X Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????H????????"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????H????????"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.1 installed on VEGAPULS 6X Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hart_firmware:1.4.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.????????????H????????"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????9????????"
]
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware = 1.4.0 installed on VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????9????????"
]
}
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????9????????"
]
}
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.1 installed on VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartplussecondcurrentoutput_firmware:1.4.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????9????????"
]
}
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????A????????"
]
}
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware = 1.4.0 installed on VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)",
"product_id": "CSAFPID-31006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????A????????"
]
}
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????A????????"
]
}
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.1 installed on VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1)",
"product_id": "CSAFPID-32006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartovervoltprot_firmware:1.4.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????A????????"
]
}
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz",
"product_id": "CSAFPID-31007",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????B????????"
]
}
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware = 1.4.0 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz",
"product_id": "CSAFPID-31008",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????B????????"
]
}
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz",
"product_id": "CSAFPID-32007",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????B????????"
]
}
},
"product_reference": "CSAFPID-22007",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.1 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz",
"product_id": "CSAFPID-32008",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20harthighvolt_firmware:1.4.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????B????????"
]
}
},
"product_reference": "CSAFPID-22008",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC",
"product_id": "CSAFPID-31009",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????I????????"
]
}
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware = 1.4.0 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC",
"product_id": "CSAFPID-31010",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????I????????"
]
}
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC",
"product_id": "CSAFPID-32009",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????I????????"
]
}
},
"product_reference": "CSAFPID-22009",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.1 installed on VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC",
"product_id": "CSAFPID-32010",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_4to20hartlowvolt_firmware:1.4.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????I????????"
]
}
},
"product_reference": "CSAFPID-22010",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS C 21 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31011",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????H?"
]
}
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS C 21 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32011",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????H?"
]
}
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS C 22 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31016",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????H?"
]
}
},
"product_reference": "CSAFPID-21016",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS C 22 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32016",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????H?"
]
}
},
"product_reference": "CSAFPID-22016",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS C 23 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31017",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????H?"
]
}
},
"product_reference": "CSAFPID-21017",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS C 23 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32017",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????H?"
]
}
},
"product_reference": "CSAFPID-22017",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.2 installed on VEGAPULS C 21 Four-wire Modbus",
"product_id": "CSAFPID-31012",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_modbus_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????W?"
]
}
},
"product_reference": "CSAFPID-21012",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.2 installed on VEGAPULS C 21 Four-wire Modbus",
"product_id": "CSAFPID-32012",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_modbus_firmware:1.2.2:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????W?"
]
}
},
"product_reference": "CSAFPID-22012",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.2 installed on VEGAPULS C 22 Four-wire Modbus",
"product_id": "CSAFPID-31018",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_modbus_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????W?"
]
}
},
"product_reference": "CSAFPID-21018",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.2 installed on VEGAPULS C 22 Four-wire Modbus",
"product_id": "CSAFPID-32018",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_modbus_firmware:1.2.2:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????W?"
]
}
},
"product_reference": "CSAFPID-22018",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.2 installed on VEGAPULS C 23 Four-wire Modbus",
"product_id": "CSAFPID-31019",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_modbus_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????W?"
]
}
},
"product_reference": "CSAFPID-21019",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.2 installed on VEGAPULS C 23 Four-wire Modbus",
"product_id": "CSAFPID-32019",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_modbus_firmware:1.2.2:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????W?"
]
}
},
"product_reference": "CSAFPID-22019",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS 21 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31013",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls21_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS21.???????H?"
]
}
},
"product_reference": "CSAFPID-21013",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS 21 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32013",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls21_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PS21.???????H?"
]
}
},
"product_reference": "CSAFPID-22013",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS 31 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-31014",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls31_4to20hart_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS31.???????H?"
]
}
},
"product_reference": "CSAFPID-21014",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS 31 Two-wire 4_20 mA/HART",
"product_id": "CSAFPID-32014",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls31_4to20hart_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PS31.???????H?"
]
}
},
"product_reference": "CSAFPID-22014",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.1 installed on VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA",
"product_id": "CSAFPID-31015",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls42_iolink_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS42.????????????"
]
}
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.1 installed on VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA",
"product_id": "CSAFPID-32015",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls42_iolink_firmware:1.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS42.????????????"
]
}
},
"product_reference": "CSAFPID-22015",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.1.1 installed on VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-31020",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_ethip_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????X????????"
]
}
},
"product_reference": "CSAFPID-21020",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.1.1 installed on VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL)",
"product_id": "CSAFPID-32020",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_ethip_firmware:1.1.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????X????????"
]
}
},
"product_reference": "CSAFPID-22020",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.0.1 installed on VEGAPULS 6X Two-wire Profibus PA",
"product_id": "CSAFPID-31021",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_profibuspa_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????P????????"
]
}
},
"product_reference": "CSAFPID-21021",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0.1 installed on VEGAPULS 6X Two-wire Profibus PA",
"product_id": "CSAFPID-32021",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_profibuspa_firmware:1.0.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????P????????"
]
}
},
"product_reference": "CSAFPID-22021",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS 6X Four-wire Modbus",
"product_id": "CSAFPID-31022",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????W????????"
]
}
},
"product_reference": "CSAFPID-21022",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware = 1.4.0 installed on VEGAPULS 6X Four-wire Modbus",
"product_id": "CSAFPID-31023",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????W????????"
]
}
},
"product_reference": "CSAFPID-21023",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS 6X Four-wire Modbus",
"product_id": "CSAFPID-32022",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????W????????"
]
}
},
"product_reference": "CSAFPID-22022",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.1 installed on VEGAPULS 6X Four-wire Modbus",
"product_id": "CSAFPID-32023",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls6x_modbus_firmware:1.4.1:*:*:*:*:*:*:*",
"model_numbers": [
"PS6X.2???????????W????????"
]
}
},
"product_reference": "CSAFPID-22023",
"relates_to_product_reference": "CSAFPID-11022"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-3323",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unsecured configuration interface on the affected devices allows an unauthenticated remote attacker to gain sensitive information like hashed credentials and access codes.",
"title": "CVE Description"
},
{
"category": "details",
"text": "Due to different bus and network interfaces the affected products have different CVSS vectors. Please see the scores listed in the CSAF for details.",
"title": "Vulnerability details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Implement access control to physical interfaces to prevent unauthorized access.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
]
},
{
"category": "vendor_fix",
"details": "Update to fixed firmware versions listed in this advisory.\n\nRotate any credentials that were used on the affected devices as they may have been compromised.\n\nContact VEGA Support if rotating emergency codes is necessary based on your risk assessment.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
],
"restart_required": {
"category": "vulnerable_component",
"details": "A restart of the vulnerable component is required after applying the firmware update."
},
"url": "https://www.vega.com/en-us/downloads"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Privilege escalation through unsecured configuration interface"
}
]
}
VDE-2026-047
Vulnerability from csaf_vegagrieshaberkg - Published: 2026-05-04 06:00 - Updated: 2026-06-22 10:00An unsecured configuration interface on the affected devices allows an authenticated remote attacker to gain sensitive information like hashed credentials and access codes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31002 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31003 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31004 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31005 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31006 | — |
Mitigation
Vendor Fix
fix
|
|
|
CVE-2026-3323 Reference Score
VEGA Grieshaber KG / Firmware
|
— |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Product Security Unit at VEGA Grieshaber KG",
"summary": "reporting",
"urls": [
"https://www.vega.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.\n\nIt was found that users with no or low rights can access information from devices that should not be available to them.\n\nAn attacker can use this information to impersonate authorized users.",
"title": "Summary"
},
{
"category": "description",
"text": "An authenticated attacker can obtain sensitive information, potentially enabling authenticated device modification.",
"title": "Impact"
},
{
"category": "description",
"text": "Implement access controls for interfaces to prevent unauthorized access.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the fixed firmware versions listed in this advisory. Rotate any credentials used on affected devices as they may have been compromised. Contact VEGA Support if emergency code rotation is necessary based on your risk assessment.\n\nFixed Versions:\n* Firmware 2.2.1 installed on VEGAPULS Air 41 Cellular (NB-IoT/LTE-M) + LoRa\n* Firmware 2.2.1 installed on VEGAPULS Air 41 Cellular (NB-IoT/LTE-M)\n* Firmware 2.2.1 installed on VEGAPULS Air 41 LoRa\n* Firmware 2.2.1 installed on VEGAPULS Air 42 Cellular (NB-IoT/LTE-M) + LoRa\n* Firmware 2.2.1 installed on VEGAPULS Air 42 Cellular (NB-IoT/LTE-M)\n* Firmware 2.2.1 installed on VEGAPULS Air 42 LoRa",
"title": "Remediation"
},
{
"category": "general",
"text": "Implement access controls for interfaces to prevent unauthorized access.",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@vega.com",
"name": "VEGA Grieshaber KG",
"namespace": "https://vega.com"
},
"references": [
{
"category": "external",
"summary": "VEGA Grieshaber PSIRT",
"url": "https://www.vega.com/en-us/company/legal-notice/information-on-cyber-security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for VEGA Grieshaber",
"url": "https://certvde.com/en/advisories/vendor/vega"
},
{
"category": "self",
"summary": "VDE-2026-047: VEGA: Missing Authentication for critical function in VEGAPULS Air products - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-047"
},
{
"category": "self",
"summary": "VDE-2026-047: VEGA: Missing Authentication for critical function in VEGAPULS Air products - CSAF",
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-047.json"
}
],
"title": "VEGA: Missing Authentication for critical function in VEGAPULS Air products",
"tracking": {
"aliases": [
"VDE-2026-047"
],
"current_release_date": "2026-06-22T10:00:00.000Z",
"generator": {
"date": "2026-06-22T09:45:24.586Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-047",
"initial_release_date": "2026-05-04T06:00:00.000Z",
"revision_history": [
{
"date": "2026-05-04T06:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Release"
},
{
"date": "2026-05-04T09:05:00.000Z",
"number": "1.0.1",
"summary": "Updated Title"
},
{
"date": "2026-06-22T10:00:00.000Z",
"number": "1.0.2",
"summary": "Added fixed Versions to Remediation document notes"
}
],
"status": "final",
"version": "1.0.2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "VEGAPULS Air 41 Cellular (NB-IoT/LTE-M) + LoRa",
"product": {
"name": "VEGAPULS Air 41 Cellular (NB-IoT/LTE-M) + LoRa",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsair41_cellularlora_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****N***"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS Air 41 Cellular (NB-IoT/LTE-M)",
"product": {
"name": "VEGAPULS Air 41 Cellular (NB-IoT/LTE-M)",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsair41_cellular_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****C***"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS Air 41 LoRa",
"product": {
"name": "VEGAPULS Air 41 LoRa",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsair41_lora_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****L***"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS Air 42 Cellular (NB-IoT/LTE-M) + LoRa",
"product": {
"name": "VEGAPULS Air 42 Cellular (NB-IoT/LTE-M) + LoRa",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsair42_cellularlora_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****N***"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS Air 42 Cellular (NB-IoT/LTE-M)",
"product": {
"name": "VEGAPULS Air 42 Cellular (NB-IoT/LTE-M)",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsair42_cellular_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****C***"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS Air 42 LoRa",
"product": {
"name": "VEGAPULS Air 42 LoRa",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsair42_lora_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****L***"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.2.1",
"product": {
"name": "Firmware \u003c 2.2.1",
"product_id": "CSAFPID-21001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellularlora_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
},
{
"category": "product_version",
"name": "2.2.1",
"product": {
"name": "Firmware 2.2.1",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellularlora_firmware:2.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS Air 41 Cellular (NB-IoT/LTE-M) + LoRa"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.2.1",
"product": {
"name": "Firmware \u003c 2.2.1",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellular_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
},
{
"category": "product_version",
"name": "2.2.1",
"product": {
"name": "Firmware 2.2.1",
"product_id": "CSAFPID-22002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellular_firmware:2.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS Air 41 Cellular (NB-IoT/LTE-M)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.2.1",
"product": {
"name": "Firmware \u003c 2.2.1",
"product_id": "CSAFPID-21003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_lora_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
},
{
"category": "product_version",
"name": "2.2.1",
"product": {
"name": "Firmware 2.2.1",
"product_id": "CSAFPID-22003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_lora_firmware:2.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-41"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS Air 41 LoRa"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.2.1",
"product": {
"name": "Firmware \u003c 2.2.1",
"product_id": "CSAFPID-21004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellularlora_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
},
{
"category": "product_version",
"name": "2.2.1",
"product": {
"name": "Firmware 2.2.1",
"product_id": "CSAFPID-22004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellularlora_firmware:2.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS Air 42 Cellular (NB-IoT/LTE-M) + LoRa"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.2.1",
"product": {
"name": "Firmware \u003c 2.2.1",
"product_id": "CSAFPID-21005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellular_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
},
{
"category": "product_version",
"name": "2.2.1",
"product": {
"name": "Firmware 2.2.1",
"product_id": "CSAFPID-22005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellular_firmware:2.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS Air 42 Cellular (NB-IoT/LTE-M)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c2.2.1",
"product": {
"name": "Firmware \u003c 2.2.1",
"product_id": "CSAFPID-21006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_lora_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
},
{
"category": "product_version",
"name": "2.2.1",
"product": {
"name": "Firmware 2.2.1",
"product_id": "CSAFPID-22006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_lora_firmware:2.2.1:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-air-42"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS Air 42 LoRa"
},
{
"category": "product_name",
"name": "CVE Reference Score",
"product": {
"name": "CVE-2026-3323 Reference Score",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "VEGA Grieshaber KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 2.2.1 installed on VEGAPULS Air 41 Cellular (NB-IoT/LTE-M) + LoRa",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellularlora_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****N***"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.1 installed on VEGAPULS Air 41 Cellular (NB-IoT/LTE-M) + LoRa",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellularlora_firmware:2.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****N***"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 2.2.1 installed on VEGAPULS Air 41 Cellular (NB-IoT/LTE-M)",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellular_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****C***"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.1 installed on VEGAPULS Air 41 Cellular (NB-IoT/LTE-M)",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_cellular_firmware:2.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****C***"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 2.2.1 installed on VEGAPULS Air 41 LoRa",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_lora_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****L***"
]
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.1 installed on VEGAPULS Air 41 LoRa",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair41_lora_firmware:2.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PSA41.*****L***"
]
}
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 2.2.1 installed on VEGAPULS Air 42 Cellular (NB-IoT/LTE-M) + LoRa",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellularlora_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****N***"
]
}
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.1 installed on VEGAPULS Air 42 Cellular (NB-IoT/LTE-M) + LoRa",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellularlora_firmware:2.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****N***"
]
}
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 2.2.1 installed on VEGAPULS Air 42 Cellular (NB-IoT/LTE-M)",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellular_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****C***"
]
}
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.1 installed on VEGAPULS Air 42 Cellular (NB-IoT/LTE-M)",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_cellular_firmware:2.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****C***"
]
}
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 2.2.1 installed on VEGAPULS Air 42 LoRa",
"product_id": "CSAFPID-31006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_lora_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****L***"
]
}
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.1 installed on VEGAPULS Air 42 LoRa",
"product_id": "CSAFPID-32006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsair42_lora_firmware:2.2.1:*:*:*:*:*:*:*",
"model_numbers": [
"PSA42.*****L***"
]
}
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-3323",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unsecured configuration interface on the affected devices allows an authenticated remote attacker to gain sensitive information like hashed credentials and access codes.",
"title": "CVE Description"
},
{
"category": "details",
"text": "Due to different bus and network interfaces the affected products have different CVSS vectors. Please see the scores listed in the CSAF for details.",
"title": "Vulnerability details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Implement access control to interfaces to prevent unauthorized access.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
{
"category": "vendor_fix",
"details": "Update to fixed firmware versions listed in this advisory.\n\nRotate any credentials that were used on the affected devices as they may have been compromised.\n\nContact VEGA Support if rotating emergency codes is necessary based on your risk assessment.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"restart_required": {
"category": "vulnerable_component",
"details": "A restart of the vulnerable component is required after applying the firmware update."
},
"url": "https://www.vega.com/en-us/downloads"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Privilege escalation through unsecured configuration interface"
}
]
}
VDE-2026-048
Vulnerability from csaf_vegagrieshaberkg - Published: 2026-05-04 06:00 - Updated: 2026-06-24 10:00An unsecured configuration interface on the affected devices allows an authenticated attacker with adjacent access (with Bluetooth) to gain sensitive information like hashed credentials and access codes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31002 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31003 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31004 | — |
Mitigation
Vendor Fix
fix
|
|
| Unresolved product id: CSAFPID-31005 | — |
Mitigation
Vendor Fix
fix
|
|
|
CVE-2026-3323 Reference Score
VEGA Grieshaber KG / Firmware
|
— |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Product Security Unit at VEGA Grieshaber KG",
"summary": "reporting",
"urls": [
"https://www.vega.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.\n\nIt was found that users with no or low rights can access information from devices that should not be available to them.\n\nAn attacker can use this information to impersonate authorized users.",
"title": "Summary"
},
{
"category": "description",
"text": "An authenticated attacker with adjacent access can obtain sensitive information, potentially enabling authenticated device modification.",
"title": "Impact"
},
{
"category": "description",
"text": "Implement access controls for physical interfaces to prevent unauthorized access.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the fixed firmware versions listed in this advisory. Rotate any credentials used on affected devices as they may have been compromised. Contact VEGA Support if emergency code rotation is necessary based on your risk assessment.\n\nFixed version:\n\n* Firmware 1.2.3 installed on VEGAPULS 11 with Bluetooth\n* Firmware 1.2.3 installed on VEGAPULS C 11 with Bluetooth\n* Firmware 1.3.2 installed on VEGAPULS C 21 Three-wire SDI12\n* Firmware 1.3.2 installed on VEGAPULS C 22 Three-wire SDI12\n* Firmware 1.3.2 installed on VEGAPULS C 23 Three-wire SDI12",
"title": "Remediation"
},
{
"category": "general",
"text": "Implement access controls for physical interfaces to prevent unauthorized access.",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@vega.com",
"name": "VEGA Grieshaber KG",
"namespace": "https://vega.com"
},
"references": [
{
"category": "external",
"summary": "VEGA Grieshaber PSIRT",
"url": "https://www.vega.com/en-us/company/legal-notice/information-on-cyber-security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for VEGA Grieshaber",
"url": "https://certvde.com/en/advisories/vendor/vega"
},
{
"category": "self",
"summary": "VDE-2026-048: VEGA: Missing Authentication for critical function in VEGAPULS Bluetooth products - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-048"
},
{
"category": "self",
"summary": "VDE-2026-048: VEGA: Missing Authentication for critical function in VEGAPULS Bluetooth products - CSAF",
"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-048.json"
}
],
"title": "VEGA: Missing Authentication for critical function in VEGAPULS Bluetooth products",
"tracking": {
"aliases": [
"VDE-2026-048"
],
"current_release_date": "2026-06-24T10:00:00.000Z",
"generator": {
"date": "2026-06-24T08:51:50.498Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-048",
"initial_release_date": "2026-05-04T06:00:00.000Z",
"revision_history": [
{
"date": "2026-05-04T06:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Release"
},
{
"date": "2026-05-04T09:10:00.000Z",
"number": "1.0.1",
"summary": "Updated Title"
},
{
"date": "2026-06-24T10:00:00.000Z",
"number": "1.0.2",
"summary": "Added fixed version to document notes remediation"
}
],
"status": "final",
"version": "1.0.2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "VEGAPULS 11 with Bluetooth",
"product": {
"name": "VEGAPULS 11 with Bluetooth",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapuls11_bt_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS11.??B"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-11"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 11 with Bluetooth",
"product": {
"name": "VEGAPULS C 11 with Bluetooth",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc11_bt_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC11.?B"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-11"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 21 Three-wire SDI12",
"product": {
"name": "VEGAPULS C 21 Three-wire SDI12",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc21_sdi12_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????S?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 22 Three-wire SDI12",
"product": {
"name": "VEGAPULS C 22 Three-wire SDI12",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc22_sdi12_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????S?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
},
{
"category": "product_name",
"name": "VEGAPULS C 23 Three-wire SDI12",
"product": {
"name": "VEGAPULS C 23 Three-wire SDI12",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"cpe": "cpe:2.3:h:vega:vegapulsc23_sdi12_hardware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????S?"
],
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls11_bt_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-11"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls11_bt_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-11"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS 11 with Bluetooth"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.2.3",
"product": {
"name": "Firmware \u003c 1.2.3",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc11_bt_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-11"
}
]
}
}
},
{
"category": "product_version",
"name": "1.2.3",
"product": {
"name": "Firmware 1.2.3",
"product_id": "CSAFPID-22002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc11_bt_firmware:1.2.3:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-11"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 11 with Bluetooth"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_sdi12_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_sdi12_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-21"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 21 Three-wire SDI12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_sdi12_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_sdi12_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-22"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 22 Three-wire SDI12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003c1.3.2",
"product": {
"name": "Firmware \u003c 1.3.2",
"product_id": "CSAFPID-21005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_sdi12_firmware:*:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
},
{
"category": "product_version",
"name": "1.3.2",
"product": {
"name": "Firmware 1.3.2",
"product_id": "CSAFPID-22005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_sdi12_firmware:1.3.2:*:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://www.vega.com/en-us/products/product-catalog/",
"uri": "https://www.vega.com/en-us/products/product-catalog/level/radar/vegapuls-c-23"
}
]
}
}
}
],
"category": "product_name",
"name": "VEGAPULS C 23 Three-wire SDI12"
},
{
"category": "product_name",
"name": "CVE Reference Score",
"product": {
"name": "CVE-2026-3323 Reference Score",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "VEGA Grieshaber KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS 11 with Bluetooth",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls11_bt_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PS11.??B"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS 11 with Bluetooth",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapuls11_bt_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PS11.??B"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.2.3 installed on VEGAPULS C 11 with Bluetooth",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc11_bt_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC11.?B"
]
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.2.3 installed on VEGAPULS C 11 with Bluetooth",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc11_bt_firmware:1.2.3:*:*:*:*:*:*:*",
"model_numbers": [
"PSC11.?B"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS C 21 Three-wire SDI12",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_sdi12_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????S?"
]
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS C 21 Three-wire SDI12",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc21_sdi12_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PSC21.???????S?"
]
}
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS C 22 Three-wire SDI12",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_sdi12_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????S?"
]
}
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS C 22 Three-wire SDI12",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc22_sdi12_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PSC22.???????S?"
]
}
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c 1.3.2 installed on VEGAPULS C 23 Three-wire SDI12",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_sdi12_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????S?"
]
}
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.3.2 installed on VEGAPULS C 23 Three-wire SDI12",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:vega:vegapulsc23_sdi12_firmware:1.3.2:*:*:*:*:*:*:*",
"model_numbers": [
"PSC23.???????S?"
]
}
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11005"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-3323",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unsecured configuration interface on the affected devices allows an authenticated attacker with adjacent access (with Bluetooth) to gain sensitive information like hashed credentials and access codes.",
"title": "CVE Description"
},
{
"category": "details",
"text": "Due to different bus and network interfaces the affected products have different CVSS vectors. Please see the scores listed in the CSAF for details.",
"title": "Vulnerability details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Implement access control to physical interfaces to prevent unauthorized access.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
{
"category": "vendor_fix",
"details": "Update to fixed firmware versions listed in this advisory.\n\nRotate any credentials that were used on the affected devices as they may have been compromised.\n\nContact VEGA Support if rotating emergency codes is necessary based on your risk assessment.",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"restart_required": {
"category": "vulnerable_component",
"details": "A restart of the vulnerable component is required after applying the firmware update."
},
"url": "https://www.vega.com/en-us/downloads"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Privilege escalation through unsecured configuration interface"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.