Search
Find a vulnerability
Search criteria
4 vulnerabilities found for CODESYS Visualization by CODESYS
CVE-2025-2595 (GCVE-0-2025-2595)
Vulnerability from nvd – Published: 2025-04-23 07:54 – Updated: 2025-04-23 16:27
VLAI
Title
Forced Browsing Vulnerability in CODESYS Visualization
Summary
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
0.0.0.0 , < 4.8.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:25:51.380319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:27:02.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "M. Ankith by Honeywell"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T07:54:00.430Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-027"
}
],
"source": {
"advisory": "VDE-2025-027",
"defect": [
"CERT@VDE#641763"
],
"discovery": "UNKNOWN"
},
"title": "Forced Browsing Vulnerability in CODESYS Visualization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-2595",
"datePublished": "2025-04-23T07:54:00.430Z",
"dateReserved": "2025-03-21T09:47:52.440Z",
"dateUpdated": "2025-04-23T16:27:02.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1989 (GCVE-0-2022-1989)
Vulnerability from nvd – Published: 2022-08-23 09:55 – Updated: 2024-09-16 18:29
VLAI
Title
CODESYS Visualization vulnerable to user enumeration
Summary
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
Severity
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://customers.codesys.com/index.php?eID=dumpF… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
V3 , < V4.2.0.0
(custom)
|
Date Public
2022-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.2.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T09:55:29.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Visualization vulnerable to user enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-03T10:00:00.000Z",
"ID": "CVE-2022-1989",
"STATE": "PUBLIC",
"TITLE": "CODESYS Visualization vulnerable to user enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Visualization",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.2.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1989",
"datePublished": "2022-08-23T09:55:29.938Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:51.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2595 (GCVE-0-2025-2595)
Vulnerability from cvelistv5 – Published: 2025-04-23 07:54 – Updated: 2025-04-23 16:27
VLAI
Title
Forced Browsing Vulnerability in CODESYS Visualization
Summary
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
0.0.0.0 , < 4.8.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:25:51.380319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:27:02.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "M. Ankith by Honeywell"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T07:54:00.430Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-027"
}
],
"source": {
"advisory": "VDE-2025-027",
"defect": [
"CERT@VDE#641763"
],
"discovery": "UNKNOWN"
},
"title": "Forced Browsing Vulnerability in CODESYS Visualization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-2595",
"datePublished": "2025-04-23T07:54:00.430Z",
"dateReserved": "2025-03-21T09:47:52.440Z",
"dateUpdated": "2025-04-23T16:27:02.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1989 (GCVE-0-2022-1989)
Vulnerability from cvelistv5 – Published: 2022-08-23 09:55 – Updated: 2024-09-16 18:29
VLAI
Title
CODESYS Visualization vulnerable to user enumeration
Summary
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
Severity
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://customers.codesys.com/index.php?eID=dumpF… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
V3 , < V4.2.0.0
(custom)
|
Date Public
2022-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.2.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T09:55:29.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Visualization vulnerable to user enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-03T10:00:00.000Z",
"ID": "CVE-2022-1989",
"STATE": "PUBLIC",
"TITLE": "CODESYS Visualization vulnerable to user enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Visualization",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.2.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1989",
"datePublished": "2022-08-23T09:55:29.938Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:51.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}