
    6 vulnerabilities found for Virtual Control SL by CODESYS

    CVE-2025-41691 (GCVE-0-2025-41691)

    Vulnerability from nvd – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:32
    VLAI
    Title
    CODESYS Control DoS via Unauthenticated NULL Pointer Dereference
    Summary
    An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS Control Win (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS HMI (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS Control for BeagleBone SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for emPC-A/iMX6 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for IOT2000 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux ARM SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC100 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC200 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PLCnext SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Raspberry Pi SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Virtual Control SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41691",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:28:09.392670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:32:30.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:34.981Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-070"
            }
          ],
          "source": {
            "advisory": "VDE-2025-070",
            "defect": [
              "CERT@VDE#641834"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41691",
        "datePublished": "2025-08-04T08:04:34.981Z",
        "dateReserved": "2025-04-16T11:17:48.309Z",
        "dateUpdated": "2025-08-04T16:32:30.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41659 (GCVE-0-2025-41659)

    Vulnerability from nvd – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:35
    VLAI
    Title
    CODESYS Control PKI Exposure Enables Remote Certificate Access
    Summary
    A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Control Win (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS HMI (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Runtime Toolkit Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Control for BeagleBone SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for IOT2000 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux ARM SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC100 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC200 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PLCnext SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Raspberry Pi SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Virtual Control SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Credits
    Luca Borzacchiello from Nozomi Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:34:47.316036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:35:32.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:04.597Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-051"
            }
          ],
          "source": {
            "advisory": "VDE-2025-051",
            "defect": [
              "CERT@VDE#641801"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control PKI Exposure Enables Remote Certificate Access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41659",
        "datePublished": "2025-08-04T08:04:04.597Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2025-08-04T16:35:32.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41658 (GCVE-0-2025-41658)

    Vulnerability from nvd – Published: 2025-08-04 08:03 – Updated: 2025-08-04 11:52
    VLAI
    Title
    CODESYS Toolkit Exposes Sensitive Files via Default Permissions
    Summary
    CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Credits
    Luca Borzacchiello from Nozomi Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T11:52:31.347383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T11:52:37.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.\u003cbr\u003e"
                }
              ],
              "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:03:26.511Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-049"
            }
          ],
          "source": {
            "advisory": "VDE-2025-049",
            "defect": [
              "CERT@VDE#641799"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41658",
        "datePublished": "2025-08-04T08:03:26.511Z",
        "dateReserved": "2025-04-16T11:17:48.306Z",
        "dateUpdated": "2025-08-04T11:52:37.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41691 (GCVE-0-2025-41691)

    Vulnerability from cvelistv5 – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:32
    VLAI
    Title
    CODESYS Control DoS via Unauthenticated NULL Pointer Dereference
    Summary
    An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS Control Win (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS HMI (SL) Affected: 3.5.21.10 , < 3.5.21.20 (semver)
    CODESYS Control for BeagleBone SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for emPC-A/iMX6 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for IOT2000 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux ARM SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC100 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC200 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PLCnext SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Raspberry Pi SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)
    CODESYS Virtual Control SL Affected: 4.16.0.0 , < 4.17.0.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41691",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:28:09.392670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:32:30.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "3.5.21.10",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "4.16.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:34.981Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-070"
            }
          ],
          "source": {
            "advisory": "VDE-2025-070",
            "defect": [
              "CERT@VDE#641834"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41691",
        "datePublished": "2025-08-04T08:04:34.981Z",
        "dateReserved": "2025-04-16T11:17:48.309Z",
        "dateUpdated": "2025-08-04T16:32:30.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41659 (GCVE-0-2025-41659)

    Vulnerability from cvelistv5 – Published: 2025-08-04 08:04 – Updated: 2025-08-04 16:35
    VLAI
    Title
    CODESYS Control PKI Exposure Enables Remote Certificate Access
    Summary
    A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Control Win (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS HMI (SL) Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Runtime Toolkit Affected: 0.0.0.0 , < 3.5.21.20 (semver)
    CODESYS Control for BeagleBone SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for IOT2000 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux ARM SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Linux SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC100 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PFC200 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for PLCnext SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for Raspberry Pi SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    CODESYS Virtual Control SL Affected: 0.0.0.0 , < 4.17.0.0 (semver)
    Credits
    Luca Borzacchiello from Nozomi Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T16:34:47.316036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T16:35:32.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.17.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:04:04.597Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-051"
            }
          ],
          "source": {
            "advisory": "VDE-2025-051",
            "defect": [
              "CERT@VDE#641801"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control PKI Exposure Enables Remote Certificate Access",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41659",
        "datePublished": "2025-08-04T08:04:04.597Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2025-08-04T16:35:32.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41658 (GCVE-0-2025-41658)

    Vulnerability from cvelistv5 – Published: 2025-08-04 08:03 – Updated: 2025-08-04 11:52
    VLAI
    Title
    CODESYS Toolkit Exposes Sensitive Files via Default Permissions
    Summary
    CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    CERTVDE
    References
    https://certvde.com/de/advisories/VDE-2025-049
    Credits
    Luca Borzacchiello from Nozomi Networks

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T11:52:31.347383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T11:52:37.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.20",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.16.0.0",
                  "status": "affected",
                  "version": "0.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.\u003cbr\u003e"
                }
              ],
              "value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T08:03:26.511Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-049"
            }
          ],
          "source": {
            "advisory": "VDE-2025-049",
            "defect": [
              "CERT@VDE#641799"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41658",
        "datePublished": "2025-08-04T08:03:26.511Z",
        "dateReserved": "2025-04-16T11:17:48.306Z",
        "dateUpdated": "2025-08-04T11:52:37.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }