Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    354 vulnerabilities by codesys

    CVE-2026-8047 (GCVE-0-2026-8047)

    Vulnerability from nvd – Published: 2026-05-26 06:49 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Out-of-bounds Write in CODESYS Control
    Summary
    The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:45:06.909963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:24.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
                }
              ],
              "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:49:54.813Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-057",
            "defect": [
              "CERT@VDE#642073"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8047",
        "datePublished": "2026-05-26T06:49:54.813Z",
        "dateReserved": "2026-05-06T17:12:05.142Z",
        "dateUpdated": "2026-05-26T10:48:24.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8046 (GCVE-0-2026-8046)

    Vulnerability from nvd – Published: 2026-05-26 06:45 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Authorization in CODESYS Control
    Summary
    The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:58.318097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:37.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl_:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
                }
              ],
              "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:46:47.189Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-056/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-056",
            "defect": [
              "CERT@VDE#642072"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Authorization in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8046",
        "datePublished": "2026-05-26T06:45:21.724Z",
        "dateReserved": "2026-05-06T17:10:12.759Z",
        "dateUpdated": "2026-05-26T10:48:37.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44469 (GCVE-0-2026-44469)

    Vulnerability from nvd – Published: 2026-05-26 06:39 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:51.917941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:51.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
                }
              ],
              "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:39:04.477Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44469",
        "datePublished": "2026-05-26T06:39:04.477Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:48:51.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44468 (GCVE-0-2026-44468)

    Vulnerability from nvd – Published: 2026-05-26 06:37 – Updated: 2026-05-26 10:49
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:43.453556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:49:05.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
                }
              ],
              "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:37:53.259Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44468",
        "datePublished": "2026-05-26T06:37:53.259Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:49:05.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0393 (GCVE-0-2026-0393)

    Vulnerability from nvd – Published: 2026-05-21 10:44 – Updated: 2026-05-21 13:22
    VLAI
    Title
    CODESYS Visualization - Insufficiently Protected Credentials
    Summary
    The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Visualization Affected: 1.0.0.0 , < 4.10.0.0 (semver)
    Create a notification for this product.
    Credits
    Silvan Schweizer from CTA AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T13:21:50.408211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T13:22:36.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Visualization",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.10.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:visualization:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.10.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Silvan Schweizer from CTA AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
                }
              ],
              "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T10:44:42.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-052",
            "defect": [
              "CERT@VDE#641921"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Visualization - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-0393",
        "datePublished": "2026-05-21T10:44:42.517Z",
        "dateReserved": "2025-11-27T14:02:51.635Z",
        "dateUpdated": "2026-05-21T13:22:36.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35227 (GCVE-0-2026-35227)

    Vulnerability from nvd – Published: 2026-05-12 07:14 – Updated: 2026-05-13 14:38
    VLAI
    Title
    Improper resource management in CODESYS Modbus TCP Server
    Summary
    An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Modbus Affected: 1.0.0.0 , < 4.6.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB Schweiz AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:29:08.743627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:38:41.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Modbus",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.6.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_modbus:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB Schweiz AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T07:14:41.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-042"
            }
          ],
          "source": {
            "advisory": "VDE-2026-042",
            "defect": [
              "CERT@VDE#642013"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Improper resource management in CODESYS Modbus TCP Server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35227",
        "datePublished": "2026-05-12T07:14:41.517Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-05-13T14:38:41.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35225 (GCVE-0-2026-35225)

    Vulnerability from nvd – Published: 2026-04-23 13:54 – Updated: 2026-04-23 15:35
    VLAI
    Title
    Improper timeout handling in CODESYS EtherNetIP
    Summary
    An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS EtherNetIP Affected: 1.0.0.0 , < 4.9.0.0 (custom)
    Create a notification for this product.
    Credits
    ABB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-23T15:35:35.243946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-23T15:35:43.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS EtherNetIP",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.9.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_ethernetip:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.9.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ABB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
                }
              ],
              "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T13:54:51.863Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.certvde.com/en/advisories/VDE-2026-040/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper timeout handling in CODESYS EtherNetIP",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35225",
        "datePublished": "2026-04-23T13:54:51.863Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-04-23T15:35:43.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3509 (GCVE-0-2026-3509)

    Vulnerability from nvd – Published: 2026-03-24 07:42 – Updated: 2026-03-26 12:35
    VLAI
    Title
    CODESYS Control Audit Log Format String DoS
    Summary
    An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T12:35:33.893071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T12:35:48.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:42:33.820Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-018"
            }
          ],
          "source": {
            "advisory": "VDE-2026-018",
            "defect": [
              "CERT@VDE#641968"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Audit Log Format String DoS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-3509",
        "datePublished": "2026-03-24T07:42:33.820Z",
        "dateReserved": "2026-03-04T09:24:19.745Z",
        "dateUpdated": "2026-03-26T12:35:48.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41660 (GCVE-0-2025-41660)

    Vulnerability from nvd – Published: 2026-03-24 07:41 – Updated: 2026-03-24 13:16
    VLAI
    Title
    CODESYS Control Boot Application Replacement Enables Code Execution
    Summary
    A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    Luca Borzacchiello from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:15:49.570572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:16:02.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:41:43.004Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-011"
            }
          ],
          "source": {
            "advisory": "VDE-2026-011",
            "defect": [
              "CERT@VDE#641802"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Boot Application Replacement Enables Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41660",
        "datePublished": "2026-03-24T07:41:43.004Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2026-03-24T13:16:02.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2364 (GCVE-0-2026-2364)

    Vulnerability from nvd – Published: 2026-03-10 07:22 – Updated: 2026-03-10 16:51
    VLAI
    Title
    CODESYS Installer TOCTOU Privilege Escalation
    Summary
    If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Installer Affected: 0.0.0 , < 2.6.1.0 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2364",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:39:49.202345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:59.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Installer",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "2.6.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.\u003cbr\u003e"
                }
              ],
              "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T07:22:42.658Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-012"
            }
          ],
          "source": {
            "advisory": "VDE-2026-012",
            "defect": [
              "CERT@VDE#641953"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Installer TOCTOU Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-2364",
        "datePublished": "2026-03-10T07:22:42.658Z",
        "dateReserved": "2026-02-11T18:46:15.172Z",
        "dateUpdated": "2026-03-10T16:51:59.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41739 (GCVE-0-2025-41739)

    Vulnerability from nvd – Published: 2025-12-01 10:00 – Updated: 2026-01-07 17:09
    VLAI
    Title
    CODESYS Control - Linux/QNX SysSocket flaw
    Summary
    An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS PLCHandler Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS TargetVisu for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T14:03:10.321003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T17:09:52.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS TargetVisu for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:00:44.373Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-099"
            }
          ],
          "source": {
            "advisory": "VDE-2025-099",
            "defect": [
              "CERT@VDE#641888"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Linux/QNX SysSocket flaw",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41739",
        "datePublished": "2025-12-01T10:00:44.373Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2026-01-07T17:09:52.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41738 (GCVE-0-2025-41738)

    Vulnerability from nvd – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
    VLAI
    Title
    CODESYS Control - Invalid type usage in visualization
    Summary
    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:59:44.375519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T14:00:28.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:33.407Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-100"
            }
          ],
          "source": {
            "advisory": "VDE-2025-100",
            "defect": [
              "CERT@VDE#641889"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Invalid type usage in visualization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41738",
        "datePublished": "2025-12-01T10:02:33.407Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2025-12-01T14:00:28.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41700 (GCVE-0-2025-41700)

    Vulnerability from nvd – Published: 2025-12-01 10:02 – Updated: 2025-12-01 13:59
    VLAI
    Title
    CODESYS Development System - Deserialization of Untrusted Data
    Summary
    An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 0.0.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    Credits
    MengyuXia from Beijing Aerospace Wanyuan Science & Technology Co, Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41700",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:25:21.754600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T13:59:26.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "MengyuXia from Beijing Aerospace Wanyuan Science \u0026 Technology Co, Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:47.312Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-101"
            }
          ],
          "source": {
            "advisory": "VDE-2025-101",
            "defect": [
              "CERT@VDE#641842"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Development System - Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41700",
        "datePublished": "2025-12-01T10:02:47.312Z",
        "dateReserved": "2025-04-16T11:17:48.310Z",
        "dateUpdated": "2025-12-01T13:59:26.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41691 (GCVE-0-2025-41691)

    Vulnerability from nvd – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:32
    VLAI
    Title
    CODESYS Control DoS via Unauthenticated NULL Pointer Dereference
    Summary
    An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control Win (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS HMI (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control for BeagleBone SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for emPC-A/iMX6 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for IOT2000 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Linux ARM SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Linux SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PFC100 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PFC200 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PLCnext SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Raspberry Pi SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Virtual Control SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41691",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:28:09.392670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:32:30.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:34.981Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-070"
            }
          ],
          "source": {
            "advisory": "VDE-2025-070",
            "defect": [
              "CERT@VDE#641834"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41691",
        "datePublished": "2025-08-04T08:04:34.981Z",
        "dateReserved": "2025-04-16T11:17:48.309Z",
        "dateUpdated": "2025-08-04T16:32:30.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41659 (GCVE-0-2025-41659)

    Vulnerability from nvd – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:35
    VLAI
    Title
    CODESYS Control PKI Exposure Enables Remote Certificate Access
    Summary
    A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control Win (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS HMI (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Runtime Toolkit Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control for BeagleBone SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for IOT2000 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Linux ARM SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Linux SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PFC100 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PFC200 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PLCnext SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Raspberry Pi SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Virtual Control SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    Credits
    Luca Borzacchiello from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:34:47.316036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:35:32.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:04.597Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-051"
            }
          ],
          "source": {
            "advisory": "VDE-2025-051",
            "defect": [
              "CERT@VDE#641801"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control PKI Exposure Enables Remote Certificate Access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41659",
        "datePublished": "2025-08-04T08:04:04.597Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2025-08-04T16:35:32.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41658 (GCVE-0-2025-41658)

    Vulnerability from nvd – Published: 2025-08-04 08:03 – Updated: 2025-08-04 11:52
    VLAI
    Title
    CODESYS Toolkit Exposes Sensitive Files via Default Permissions
    Summary
    CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Credits
    Luca Borzacchiello from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T11:52:31.347383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T11:52:37.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.\u003cbr\u003e"
                }
              ],
              "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:03:26.511Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-049"
            }
          ],
          "source": {
            "advisory": "VDE-2025-049",
            "defect": [
              "CERT@VDE#641799"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41658",
        "datePublished": "2025-08-04T08:03:26.511Z",
        "dateReserved": "2025-04-16T11:17:48.306Z",
        "dateUpdated": "2025-08-04T11:52:37.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-8047 (GCVE-0-2026-8047)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:49 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Out-of-bounds Write in CODESYS Control
    Summary
    The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:45:06.909963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:24.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
                }
              ],
              "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:49:54.813Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-057",
            "defect": [
              "CERT@VDE#642073"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8047",
        "datePublished": "2026-05-26T06:49:54.813Z",
        "dateReserved": "2026-05-06T17:12:05.142Z",
        "dateUpdated": "2026-05-26T10:48:24.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8046 (GCVE-0-2026-8046)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:45 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Authorization in CODESYS Control
    Summary
    The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:58.318097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:37.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl_:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
                }
              ],
              "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:46:47.189Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-056/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-056",
            "defect": [
              "CERT@VDE#642072"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Authorization in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8046",
        "datePublished": "2026-05-26T06:45:21.724Z",
        "dateReserved": "2026-05-06T17:10:12.759Z",
        "dateUpdated": "2026-05-26T10:48:37.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44469 (GCVE-0-2026-44469)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:39 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:51.917941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:51.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
                }
              ],
              "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:39:04.477Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44469",
        "datePublished": "2026-05-26T06:39:04.477Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:48:51.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44468 (GCVE-0-2026-44468)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:37 – Updated: 2026-05-26 10:49
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:43.453556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:49:05.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
                }
              ],
              "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:37:53.259Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44468",
        "datePublished": "2026-05-26T06:37:53.259Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:49:05.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0393 (GCVE-0-2026-0393)

    Vulnerability from cvelistv5 – Published: 2026-05-21 10:44 – Updated: 2026-05-21 13:22
    VLAI
    Title
    CODESYS Visualization - Insufficiently Protected Credentials
    Summary
    The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Visualization Affected: 1.0.0.0 , < 4.10.0.0 (semver)
    Create a notification for this product.
    Credits
    Silvan Schweizer from CTA AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T13:21:50.408211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T13:22:36.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Visualization",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.10.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:visualization:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.10.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Silvan Schweizer from CTA AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
                }
              ],
              "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T10:44:42.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-052",
            "defect": [
              "CERT@VDE#641921"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Visualization - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-0393",
        "datePublished": "2026-05-21T10:44:42.517Z",
        "dateReserved": "2025-11-27T14:02:51.635Z",
        "dateUpdated": "2026-05-21T13:22:36.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35227 (GCVE-0-2026-35227)

    Vulnerability from cvelistv5 – Published: 2026-05-12 07:14 – Updated: 2026-05-13 14:38
    VLAI
    Title
    Improper resource management in CODESYS Modbus TCP Server
    Summary
    An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Modbus Affected: 1.0.0.0 , < 4.6.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB Schweiz AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:29:08.743627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:38:41.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Modbus",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.6.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_modbus:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB Schweiz AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T07:14:41.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-042"
            }
          ],
          "source": {
            "advisory": "VDE-2026-042",
            "defect": [
              "CERT@VDE#642013"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Improper resource management in CODESYS Modbus TCP Server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35227",
        "datePublished": "2026-05-12T07:14:41.517Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-05-13T14:38:41.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35225 (GCVE-0-2026-35225)

    Vulnerability from cvelistv5 – Published: 2026-04-23 13:54 – Updated: 2026-04-23 15:35
    VLAI
    Title
    Improper timeout handling in CODESYS EtherNetIP
    Summary
    An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS EtherNetIP Affected: 1.0.0.0 , < 4.9.0.0 (custom)
    Create a notification for this product.
    Credits
    ABB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-23T15:35:35.243946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-23T15:35:43.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS EtherNetIP",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.9.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_ethernetip:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.9.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ABB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
                }
              ],
              "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T13:54:51.863Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.certvde.com/en/advisories/VDE-2026-040/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper timeout handling in CODESYS EtherNetIP",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35225",
        "datePublished": "2026-04-23T13:54:51.863Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-04-23T15:35:43.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3509 (GCVE-0-2026-3509)

    Vulnerability from cvelistv5 – Published: 2026-03-24 07:42 – Updated: 2026-03-26 12:35
    VLAI
    Title
    CODESYS Control Audit Log Format String DoS
    Summary
    An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T12:35:33.893071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T12:35:48.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:42:33.820Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-018"
            }
          ],
          "source": {
            "advisory": "VDE-2026-018",
            "defect": [
              "CERT@VDE#641968"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Audit Log Format String DoS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-3509",
        "datePublished": "2026-03-24T07:42:33.820Z",
        "dateReserved": "2026-03-04T09:24:19.745Z",
        "dateUpdated": "2026-03-26T12:35:48.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41660 (GCVE-0-2025-41660)

    Vulnerability from cvelistv5 – Published: 2026-03-24 07:41 – Updated: 2026-03-24 13:16
    VLAI
    Title
    CODESYS Control Boot Application Replacement Enables Code Execution
    Summary
    A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    Luca Borzacchiello from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:15:49.570572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:16:02.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:41:43.004Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-011"
            }
          ],
          "source": {
            "advisory": "VDE-2026-011",
            "defect": [
              "CERT@VDE#641802"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Boot Application Replacement Enables Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41660",
        "datePublished": "2026-03-24T07:41:43.004Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2026-03-24T13:16:02.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2364 (GCVE-0-2026-2364)

    Vulnerability from cvelistv5 – Published: 2026-03-10 07:22 – Updated: 2026-03-10 16:51
    VLAI
    Title
    CODESYS Installer TOCTOU Privilege Escalation
    Summary
    If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Installer Affected: 0.0.0 , < 2.6.1.0 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2364",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:39:49.202345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:59.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Installer",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "2.6.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.\u003cbr\u003e"
                }
              ],
              "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T07:22:42.658Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-012"
            }
          ],
          "source": {
            "advisory": "VDE-2026-012",
            "defect": [
              "CERT@VDE#641953"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Installer TOCTOU Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-2364",
        "datePublished": "2026-03-10T07:22:42.658Z",
        "dateReserved": "2026-02-11T18:46:15.172Z",
        "dateUpdated": "2026-03-10T16:51:59.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41700 (GCVE-0-2025-41700)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 13:59
    VLAI
    Title
    CODESYS Development System - Deserialization of Untrusted Data
    Summary
    An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 0.0.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    Credits
    MengyuXia from Beijing Aerospace Wanyuan Science & Technology Co, Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41700",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:25:21.754600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T13:59:26.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "MengyuXia from Beijing Aerospace Wanyuan Science \u0026 Technology Co, Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:47.312Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-101"
            }
          ],
          "source": {
            "advisory": "VDE-2025-101",
            "defect": [
              "CERT@VDE#641842"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Development System - Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41700",
        "datePublished": "2025-12-01T10:02:47.312Z",
        "dateReserved": "2025-04-16T11:17:48.310Z",
        "dateUpdated": "2025-12-01T13:59:26.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41738 (GCVE-0-2025-41738)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
    VLAI
    Title
    CODESYS Control - Invalid type usage in visualization
    Summary
    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:59:44.375519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T14:00:28.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:33.407Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-100"
            }
          ],
          "source": {
            "advisory": "VDE-2025-100",
            "defect": [
              "CERT@VDE#641889"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Invalid type usage in visualization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41738",
        "datePublished": "2025-12-01T10:02:33.407Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2025-12-01T14:00:28.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41739 (GCVE-0-2025-41739)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:00 – Updated: 2026-01-07 17:09
    VLAI
    Title
    CODESYS Control - Linux/QNX SysSocket flaw
    Summary
    An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS PLCHandler Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS TargetVisu for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T14:03:10.321003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T17:09:52.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS TargetVisu for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:00:44.373Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-099"
            }
          ],
          "source": {
            "advisory": "VDE-2025-099",
            "defect": [
              "CERT@VDE#641888"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Linux/QNX SysSocket flaw",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41739",
        "datePublished": "2025-12-01T10:00:44.373Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2026-01-07T17:09:52.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41691 (GCVE-0-2025-41691)

    Vulnerability from cvelistv5 – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:32
    VLAI
    Title
    CODESYS Control DoS via Unauthenticated NULL Pointer Dereference
    Summary
    An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control Win (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS HMI (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    Create a notification for this product.
    CODESYS Control for BeagleBone SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for emPC-A/iMX6 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for IOT2000 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Linux ARM SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Linux SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PFC100 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PFC200 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for PLCnext SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for Raspberry Pi SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    CODESYS Virtual Control SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41691",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:28:09.392670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:32:30.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:34.981Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-070"
            }
          ],
          "source": {
            "advisory": "VDE-2025-070",
            "defect": [
              "CERT@VDE#641834"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41691",
        "datePublished": "2025-08-04T08:04:34.981Z",
        "dateReserved": "2025-04-16T11:17:48.309Z",
        "dateUpdated": "2025-08-04T16:32:30.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }