← Back to home
bsi-2026-0001  ·  Published 2026-02-02  ·  View on BSI CERT-Bund ↗

Unauthorized access affects VibroLine and AvibiaLine devices

CVSS 9.8 CRITICAL

Risk Summary

An attacker can exploit multiple vulnerabilities in VibroLine and AvibiaLine devices to gain unauthorized access or execute a denial of service attack.

Remediations

  • Update VibroLine VLX HD 5.0 devices to firmware version 2.1.1866 or later which includes a fix for this vulnerability.
  • Update AvibiaLine AVLX devices to firmware version 2.1.1866 or later which includes a fix for this vulnerability.
  • Update VibroLine Configurator to version 5.1.2730 or later which includes a fix for this vulnerability.
  • Update AvibiaLine Configurator to version 5.1.2730 or later which includes a fix for this vulnerability.
  • Isolate the network from the public internet and limit access to trustworthy devices (see section "Network Security" in the manual). If only one configuration preset is required remove any other presets.
  • Limit access to the RS485 bus to trustworthy devices. If only one configuration preset is required remove any other presets.
  • Limit access to the CAN bus to trustworthy devices. If only one configuration preset is required remove any other presets.
  • Assign a password to the device on first use.

Affected Vendors

IDS Innomic Schwingungsmesstechnik GmbH avibia GmbH

Affected Products (11)

IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 4.0 VLE Firmware vers:intdot/>=1.4.1074|<=1.4.1116
IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 4.0 VLX Firmware vers:intdot/>=1.5.1074|<=1.5.1116
IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 4.0 Configurator vers:intdot/>=4.0.1931|<=4.0.2406
IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 5.0 Firmware vers:intdot/>=2.1.1340|<=2.1.1387
IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 5.0 Firmware 2.1.1866
IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 5.0 Configurator vers:intdot/>=5.0.2416|<=5.1.2547
IDS Innomic Schwingungsmesstechnik GmbH · VibroLine 5.0 Configurator 5.1.2732
avibia GmbH · AvibiaLine Firmware vers:intdot/>=2.1.1340|<=2.1.1387
avibia GmbH · AvibiaLine Firmware 2.1.1866
avibia GmbH · AvibiaLine Configurator vers:intdot/>=5.0.2416|<=5.0.2486
avibia GmbH · AvibiaLine Configurator 5.1.2732

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more