bsi-2026-0001
·
Published 2026-02-02
·
View on BSI CERT-Bund ↗
Unauthorized access affects VibroLine and AvibiaLine devices
CVSS 9.8
CRITICAL
Risk Summary
An attacker can exploit multiple vulnerabilities in VibroLine and AvibiaLine devices to gain unauthorized access or execute a denial of service attack.
CVEs (7)
Remediations
- Update VibroLine VLX HD 5.0 devices to firmware version 2.1.1866 or later which includes a fix for this vulnerability.
- Update AvibiaLine AVLX devices to firmware version 2.1.1866 or later which includes a fix for this vulnerability.
- Update VibroLine Configurator to version 5.1.2730 or later which includes a fix for this vulnerability.
- Update AvibiaLine Configurator to version 5.1.2730 or later which includes a fix for this vulnerability.
- Isolate the network from the public internet and limit access to trustworthy devices (see section "Network Security" in the manual). If only one configuration preset is required remove any other presets.
- Limit access to the RS485 bus to trustworthy devices. If only one configuration preset is required remove any other presets.
- Limit access to the CAN bus to trustworthy devices. If only one configuration preset is required remove any other presets.
- Assign a password to the device on first use.
Affected Vendors
IDS Innomic Schwingungsmesstechnik GmbH
avibia GmbH
Affected Products (11)
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 4.0 VLE Firmware
vers:intdot/>=1.4.1074|<=1.4.1116
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 4.0 VLX Firmware
vers:intdot/>=1.5.1074|<=1.5.1116
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 4.0 Configurator
vers:intdot/>=4.0.1931|<=4.0.2406
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 5.0 Firmware
vers:intdot/>=2.1.1340|<=2.1.1387
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 5.0 Firmware
2.1.1866
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 5.0 Configurator
vers:intdot/>=5.0.2416|<=5.1.2547
IDS Innomic Schwingungsmesstechnik GmbH
·
VibroLine 5.0 Configurator
5.1.2732
avibia GmbH
·
AvibiaLine Firmware
vers:intdot/>=2.1.1340|<=2.1.1387
avibia GmbH
·
AvibiaLine Firmware
2.1.1866
avibia GmbH
·
AvibiaLine Configurator
vers:intdot/>=5.0.2416|<=5.0.2486
avibia GmbH
·
AvibiaLine Configurator
5.1.2732
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more