Unsecured Configuration Interface in VDE Products Exposes Sensitive Information
CVE-2026-3323

7.5 HIGH

What is CVE-2026-3323?

The vulnerability allows unauthenticated remote attackers to exploit an unsecured configuration interface on affected VDE devices. This can lead to unauthorized access to sensitive information, including hashed credentials and access codes, posing a significant risk to user security and data integrity. Proper measures should be taken to secure the configuration settings to prevent potential breaches.

Affected Version(s)

VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL) 1.0.0

VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL) 1.1.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Product Security Unit at VEGA Grieshaber KG