Pilz
Products by Pilz Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 2 vulnerabilities in Pilz with an average score of 8.0 out of ten. Pilz did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.95 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 4 | 7.03 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.80 |
It may take a day or so for new Pilz vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Pilz Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2023-45795 | Jun 22, 2026 | XSS in Builder Component of Pilz PASvisu <1.14.1: A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device. | |
| CVE-2023-45796 | Jun 22, 2026 | XSS in Pilz PASvisu Runtime <1.14.1 allows unauth remote tampering: A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability. | |
| CVE-2019-9011 | Dec 26, 2022 | Pilz PMC Tool <3.5.17 Username Enumeration: In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. | |
| CVE-2020-12069 | Dec 26, 2022 | CODESYS V3 3.5.16.0 CmpUserMgr Weak Hash Exploit: In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | |
| CVE-2020-12067 | Dec 26, 2022 | Pilz PMC Programming Tool 3.x <=3.5.16 Unauthenticated Password Change: In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. | |
| CVE-2022-40977 | Nov 24, 2022 | Pilz PASvisu Server <1.12.0 Path Traversal via ZipSlip: A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. | |
| CVE-2018-19009 | Jan 25, 2019 | Pilz PNOZmulti Configurator prior to version 10.9: Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. | |