Search

Find a vulnerability

Search criteria

    368 vulnerabilities by codesys

    CVE-2026-8047 (GCVE-0-2026-8047)

    Vulnerability from nvd – Published: 2026-05-26 06:49 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Out-of-bounds Write in CODESYS Control
    Summary
    The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:45:06.909963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:24.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
                }
              ],
              "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:49:54.813Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-057",
            "defect": [
              "CERT@VDE#642073"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8047",
        "datePublished": "2026-05-26T06:49:54.813Z",
        "dateReserved": "2026-05-06T17:12:05.142Z",
        "dateUpdated": "2026-05-26T10:48:24.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8046 (GCVE-0-2026-8046)

    Vulnerability from nvd – Published: 2026-05-26 06:45 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Authorization in CODESYS Control
    Summary
    The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:58.318097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:37.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl_:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
                }
              ],
              "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:46:47.189Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-056/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-056",
            "defect": [
              "CERT@VDE#642072"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Authorization in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8046",
        "datePublished": "2026-05-26T06:45:21.724Z",
        "dateReserved": "2026-05-06T17:10:12.759Z",
        "dateUpdated": "2026-05-26T10:48:37.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44469 (GCVE-0-2026-44469)

    Vulnerability from nvd – Published: 2026-05-26 06:39 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:51.917941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:51.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
                }
              ],
              "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:39:04.477Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44469",
        "datePublished": "2026-05-26T06:39:04.477Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:48:51.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44468 (GCVE-0-2026-44468)

    Vulnerability from nvd – Published: 2026-05-26 06:37 – Updated: 2026-05-26 10:49
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:43.453556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:49:05.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
                }
              ],
              "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:37:53.259Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44468",
        "datePublished": "2026-05-26T06:37:53.259Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:49:05.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0393 (GCVE-0-2026-0393)

    Vulnerability from nvd – Published: 2026-05-21 10:44 – Updated: 2026-05-21 13:22
    VLAI
    Title
    CODESYS Visualization - Insufficiently Protected Credentials
    Summary
    The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Visualization Affected: 1.0.0.0 , < 4.10.0.0 (semver)
    Create a notification for this product.
    Credits
    Silvan Schweizer from CTA AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T13:21:50.408211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T13:22:36.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Visualization",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.10.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:visualization:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.10.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Silvan Schweizer from CTA AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
                }
              ],
              "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T10:44:42.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-052",
            "defect": [
              "CERT@VDE#641921"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Visualization - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-0393",
        "datePublished": "2026-05-21T10:44:42.517Z",
        "dateReserved": "2025-11-27T14:02:51.635Z",
        "dateUpdated": "2026-05-21T13:22:36.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35227 (GCVE-0-2026-35227)

    Vulnerability from nvd – Published: 2026-05-12 07:14 – Updated: 2026-05-13 14:38
    VLAI
    Title
    Improper resource management in CODESYS Modbus TCP Server
    Summary
    An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Modbus Affected: 1.0.0.0 , < 4.6.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB Schweiz AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:29:08.743627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:38:41.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Modbus",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.6.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_modbus:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB Schweiz AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T07:14:41.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-042"
            }
          ],
          "source": {
            "advisory": "VDE-2026-042",
            "defect": [
              "CERT@VDE#642013"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Improper resource management in CODESYS Modbus TCP Server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35227",
        "datePublished": "2026-05-12T07:14:41.517Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-05-13T14:38:41.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35225 (GCVE-0-2026-35225)

    Vulnerability from nvd – Published: 2026-04-23 13:54 – Updated: 2026-04-23 15:35
    VLAI
    Title
    Improper timeout handling in CODESYS EtherNetIP
    Summary
    An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS EtherNetIP Affected: 1.0.0.0 , < 4.9.0.0 (custom)
    Create a notification for this product.
    Credits
    ABB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-23T15:35:35.243946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-23T15:35:43.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS EtherNetIP",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.9.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_ethernetip:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.9.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ABB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
                }
              ],
              "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T13:54:51.863Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.certvde.com/en/advisories/VDE-2026-040/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper timeout handling in CODESYS EtherNetIP",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35225",
        "datePublished": "2026-04-23T13:54:51.863Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-04-23T15:35:43.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3509 (GCVE-0-2026-3509)

    Vulnerability from nvd – Published: 2026-03-24 07:42 – Updated: 2026-03-26 12:35
    VLAI
    Title
    CODESYS Control Audit Log Format String DoS
    Summary
    An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T12:35:33.893071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T12:35:48.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:42:33.820Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-018"
            }
          ],
          "source": {
            "advisory": "VDE-2026-018",
            "defect": [
              "CERT@VDE#641968"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Audit Log Format String DoS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-3509",
        "datePublished": "2026-03-24T07:42:33.820Z",
        "dateReserved": "2026-03-04T09:24:19.745Z",
        "dateUpdated": "2026-03-26T12:35:48.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41660 (GCVE-0-2025-41660)

    Vulnerability from nvd – Published: 2026-03-24 07:41 – Updated: 2026-03-24 13:16
    VLAI
    Title
    CODESYS Control Boot Application Replacement Enables Code Execution
    Summary
    A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    Luca Borzacchiello from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:15:49.570572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:16:02.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:41:43.004Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-011"
            }
          ],
          "source": {
            "advisory": "VDE-2026-011",
            "defect": [
              "CERT@VDE#641802"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Boot Application Replacement Enables Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41660",
        "datePublished": "2026-03-24T07:41:43.004Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2026-03-24T13:16:02.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2364 (GCVE-0-2026-2364)

    Vulnerability from nvd – Published: 2026-03-10 07:22 – Updated: 2026-03-10 16:51
    VLAI
    Title
    CODESYS Installer TOCTOU Privilege Escalation
    Summary
    If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Installer Affected: 0.0.0 , < 2.6.1.0 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2364",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:39:49.202345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:59.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Installer",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "2.6.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.\u003cbr\u003e"
                }
              ],
              "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T07:22:42.658Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-012"
            }
          ],
          "source": {
            "advisory": "VDE-2026-012",
            "defect": [
              "CERT@VDE#641953"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Installer TOCTOU Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-2364",
        "datePublished": "2026-03-10T07:22:42.658Z",
        "dateReserved": "2026-02-11T18:46:15.172Z",
        "dateUpdated": "2026-03-10T16:51:59.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41739 (GCVE-0-2025-41739)

    Vulnerability from nvd – Published: 2025-12-01 10:00 – Updated: 2026-01-07 17:09
    VLAI
    Title
    CODESYS Control - Linux/QNX SysSocket flaw
    Summary
    An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS PLCHandler Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS TargetVisu for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T14:03:10.321003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T17:09:52.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS TargetVisu for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:00:44.373Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-099"
            }
          ],
          "source": {
            "advisory": "VDE-2025-099",
            "defect": [
              "CERT@VDE#641888"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Linux/QNX SysSocket flaw",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41739",
        "datePublished": "2025-12-01T10:00:44.373Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2026-01-07T17:09:52.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41738 (GCVE-0-2025-41738)

    Vulnerability from nvd – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
    VLAI
    Title
    CODESYS Control - Invalid type usage in visualization
    Summary
    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:59:44.375519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T14:00:28.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:33.407Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-100"
            }
          ],
          "source": {
            "advisory": "VDE-2025-100",
            "defect": [
              "CERT@VDE#641889"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Invalid type usage in visualization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41738",
        "datePublished": "2025-12-01T10:02:33.407Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2025-12-01T14:00:28.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41700 (GCVE-0-2025-41700)

    Vulnerability from nvd – Published: 2025-12-01 10:02 – Updated: 2025-12-01 13:59
    VLAI
    Title
    CODESYS Development System - Deserialization of Untrusted Data
    Summary
    An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 0.0.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    Credits
    MengyuXia from Beijing Aerospace Wanyuan Science & Technology Co, Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41700",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:25:21.754600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T13:59:26.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "MengyuXia from Beijing Aerospace Wanyuan Science \u0026 Technology Co, Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:47.312Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-101"
            }
          ],
          "source": {
            "advisory": "VDE-2025-101",
            "defect": [
              "CERT@VDE#641842"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Development System - Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41700",
        "datePublished": "2025-12-01T10:02:47.312Z",
        "dateReserved": "2025-04-16T11:17:48.310Z",
        "dateUpdated": "2025-12-01T13:59:26.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8047 (GCVE-0-2026-8047)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:49 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Out-of-bounds Write in CODESYS Control
    Summary
    The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:45:06.909963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:24.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.5.21.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "4.15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
                }
              ],
              "value": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:49:54.813Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-057/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-057",
            "defect": [
              "CERT@VDE#642073"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8047",
        "datePublished": "2026-05-26T06:49:54.813Z",
        "dateReserved": "2026-05-06T17:12:05.142Z",
        "dateUpdated": "2026-05-26T10:48:24.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8046 (GCVE-0-2026-8046)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:45 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Authorization in CODESYS Control
    Summary
    The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 3.0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:58.318097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:37.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl_:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.21.0.0",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
                }
              ],
              "value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:46:47.189Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-056/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-056",
            "defect": [
              "CERT@VDE#642072"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Authorization in CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-8046",
        "datePublished": "2026-05-26T06:45:21.724Z",
        "dateReserved": "2026-05-06T17:10:12.759Z",
        "dateUpdated": "2026-05-26T10:48:37.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44469 (GCVE-0-2026-44469)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:39 – Updated: 2026-05-26 10:48
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:51.917941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:48:51.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
                }
              ],
              "value": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:39:04.477Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44469",
        "datePublished": "2026-05-26T06:39:04.477Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:48:51.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44468 (GCVE-0-2026-44468)

    Vulnerability from cvelistv5 – Published: 2026-05-26 06:37 – Updated: 2026-05-26 10:49
    VLAI
    Title
    Incorrect Default Permissions in CODESYS Development System
    Summary
    The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 3.0.0.0 , < 3.5.22.20 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T10:44:43.453556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T10:49:05.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.20",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.22.20",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
                }
              ],
              "value": "The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T06:37:53.259Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-055/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-055",
            "defect": [
              "CERT@VDE#642071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Default Permissions in CODESYS Development System",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-44468",
        "datePublished": "2026-05-26T06:37:53.259Z",
        "dateReserved": "2026-05-06T17:08:03.356Z",
        "dateUpdated": "2026-05-26T10:49:05.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0393 (GCVE-0-2026-0393)

    Vulnerability from cvelistv5 – Published: 2026-05-21 10:44 – Updated: 2026-05-21 13:22
    VLAI
    Title
    CODESYS Visualization - Insufficiently Protected Credentials
    Summary
    The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS Visualization Affected: 1.0.0.0 , < 4.10.0.0 (semver)
    Create a notification for this product.
    Credits
    Silvan Schweizer from CTA AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T13:21:50.408211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T13:22:36.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Visualization",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.10.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:visualization:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.10.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Silvan Schweizer from CTA AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
                }
              ],
              "value": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T10:44:42.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-052",
            "defect": [
              "CERT@VDE#641921"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Visualization - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-0393",
        "datePublished": "2026-05-21T10:44:42.517Z",
        "dateReserved": "2025-11-27T14:02:51.635Z",
        "dateUpdated": "2026-05-21T13:22:36.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35227 (GCVE-0-2026-35227)

    Vulnerability from cvelistv5 – Published: 2026-05-12 07:14 – Updated: 2026-05-13 14:38
    VLAI
    Title
    Improper resource management in CODESYS Modbus TCP Server
    Summary
    An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Modbus Affected: 1.0.0.0 , < 4.6.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB Schweiz AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:29:08.743627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:38:41.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Modbus",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.6.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_modbus:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB Schweiz AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T07:14:41.517Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-042"
            }
          ],
          "source": {
            "advisory": "VDE-2026-042",
            "defect": [
              "CERT@VDE#642013"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Improper resource management in CODESYS Modbus TCP Server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35227",
        "datePublished": "2026-05-12T07:14:41.517Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-05-13T14:38:41.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35225 (GCVE-0-2026-35225)

    Vulnerability from cvelistv5 – Published: 2026-04-23 13:54 – Updated: 2026-04-23 15:35
    VLAI
    Title
    Improper timeout handling in CODESYS EtherNetIP
    Summary
    An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS EtherNetIP Affected: 1.0.0.0 , < 4.9.0.0 (custom)
    Create a notification for this product.
    Credits
    ABB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-23T15:35:35.243946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-23T15:35:43.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS EtherNetIP",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.9.0.0",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:codesys:codesys_ethernetip:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.9.0.0",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ABB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
                }
              ],
              "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T13:54:51.863Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.certvde.com/en/advisories/VDE-2026-040/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper timeout handling in CODESYS EtherNetIP",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35225",
        "datePublished": "2026-04-23T13:54:51.863Z",
        "dateReserved": "2026-04-01T19:54:21.499Z",
        "dateUpdated": "2026-04-23T15:35:43.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3509 (GCVE-0-2026-3509)

    Vulnerability from cvelistv5 – Published: 2026-03-24 07:42 – Updated: 2026-03-26 12:35
    VLAI
    Title
    CODESYS Control Audit Log Format String DoS
    Summary
    An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.17.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.1.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T12:35:33.893071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T12:35:48.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "3.5.17.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "4.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial\u2011of\u2011service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134 Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:42:33.820Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-018"
            }
          ],
          "source": {
            "advisory": "VDE-2026-018",
            "defect": [
              "CERT@VDE#641968"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Audit Log Format String DoS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-3509",
        "datePublished": "2026-03-24T07:42:33.820Z",
        "dateReserved": "2026-03-04T09:24:19.745Z",
        "dateUpdated": "2026-03-26T12:35:48.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41660 (GCVE-0-2025-41660)

    Vulnerability from cvelistv5 – Published: 2026-03-24 07:41 – Updated: 2026-03-24 13:16
    VLAI
    Title
    CODESYS Control Boot Application Replacement Enables Code Execution
    Summary
    A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 0.0.0 , < 3.5.22.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 0.0.0 , < 4.21.0.0 (semver)
    Create a notification for this product.
    Credits
    Luca Borzacchiello from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T13:15:49.570572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T13:16:02.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.22.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.21.0.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Luca Borzacchiello from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T07:41:43.004Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-011"
            }
          ],
          "source": {
            "advisory": "VDE-2026-011",
            "defect": [
              "CERT@VDE#641802"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control Boot Application Replacement Enables Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41660",
        "datePublished": "2026-03-24T07:41:43.004Z",
        "dateReserved": "2025-04-16T11:17:48.307Z",
        "dateUpdated": "2026-03-24T13:16:02.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2364 (GCVE-0-2026-2364)

    Vulnerability from cvelistv5 – Published: 2026-03-10 07:22 – Updated: 2026-03-10 16:51
    VLAI
    Title
    CODESYS Installer TOCTOU Privilege Escalation
    Summary
    If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Installer Affected: 0.0.0 , < 2.6.1.0 (semver)
    Create a notification for this product.
    Credits
    David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2364",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:39:49.202345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:51:59.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Installer",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "2.6.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "David Ruscheweyh from SEW-EURODRIVE GmbH \u0026 Co KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.\u003cbr\u003e"
                }
              ],
              "value": "If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T07:22:42.658Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2026-012"
            }
          ],
          "source": {
            "advisory": "VDE-2026-012",
            "defect": [
              "CERT@VDE#641953"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Installer TOCTOU Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-2364",
        "datePublished": "2026-03-10T07:22:42.658Z",
        "dateReserved": "2026-02-11T18:46:15.172Z",
        "dateUpdated": "2026-03-10T16:51:59.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41700 (GCVE-0-2025-41700)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 13:59
    VLAI
    Title
    CODESYS Development System - Deserialization of Untrusted Data
    Summary
    An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Development System Affected: 0.0.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    Credits
    MengyuXia from Beijing Aerospace Wanyuan Science & Technology Co, Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41700",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:25:21.754600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T13:59:26.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "MengyuXia from Beijing Aerospace Wanyuan Science \u0026 Technology Co, Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:47.312Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-101"
            }
          ],
          "source": {
            "advisory": "VDE-2025-101",
            "defect": [
              "CERT@VDE#641842"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Development System - Deserialization of Untrusted Data",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41700",
        "datePublished": "2025-12-01T10:02:47.312Z",
        "dateReserved": "2025-04-16T11:17:48.310Z",
        "dateUpdated": "2025-12-01T13:59:26.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41738 (GCVE-0-2025-41738)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
    VLAI
    Title
    CODESYS Control - Invalid type usage in visualization
    Summary
    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:59:44.375519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T14:00:28.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:33.407Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-100"
            }
          ],
          "source": {
            "advisory": "VDE-2025-100",
            "defect": [
              "CERT@VDE#641889"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Invalid type usage in visualization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41738",
        "datePublished": "2025-12-01T10:02:33.407Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2025-12-01T14:00:28.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41739 (GCVE-0-2025-41739)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:00 – Updated: 2026-01-07 17:09
    VLAI
    Title
    CODESYS Control - Linux/QNX SysSocket flaw
    Summary
    An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS PLCHandler Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.21.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS TargetVisu for Linux SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.15.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Credits
    ABB AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T14:03:10.321003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T17:09:52.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.21.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS TargetVisu for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.15.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:00:44.373Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-099"
            }
          ],
          "source": {
            "advisory": "VDE-2025-099",
            "defect": [
              "CERT@VDE#641888"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Linux/QNX SysSocket flaw",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41739",
        "datePublished": "2025-12-01T10:00:44.373Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2026-01-07T17:09:52.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201112-0097

    Vulnerability from variot - Updated: 2026-04-10 23:46

    Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "codesys sp4 patch",
            "scope": "eq",
            "trust": 3.5,
            "vendor": "3s smart",
            "version": "3.42"
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "3ssoftware",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "3s smart",
            "version": "3.4 sp4 patch 2"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "codesys",
            "version": "*"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "3ssoftware",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3s smart",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "3s smart",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "3s smart",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "codesys",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "3s smart",
            "version": "2.3.9.32"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127"
          },
          {
            "db": "BID",
            "id": "50849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5007"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:codesys:codesys",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Luigi Auriemma",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-501"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2011-5007",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-5007",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2011-5591",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "45e2b734-2354-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "45e91728-2354-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-5007",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-5007",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2011-5591",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201112-447",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "45e2b734-2354-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "45e91728-2354-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5007"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127"
          },
          {
            "db": "BID",
            "id": "50849"
          },
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-5007",
            "trust": 4.7
          },
          {
            "db": "BID",
            "id": "50849",
            "trust": 3.3
          },
          {
            "db": "ICS CERT ALERT",
            "id": "ICS-ALERT-11-336-01A",
            "trust": 2.4
          },
          {
            "db": "OSVDB",
            "id": "77387",
            "trust": 2.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "18187",
            "trust": 1.6
          },
          {
            "db": "ICS CERT ALERT",
            "id": "ICS-ALERT-11-336-01",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "47018",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-320-01",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-501",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-006-01",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "45E2B734-2354-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "45E91728-2354-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "5B319126-1F7D-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D7D2BF0-463F-11E9-BF0D-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "4143B83E-1F7D-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "84AF9D86-1F7D-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7E1D2E16-1F7D-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127"
          },
          {
            "db": "BID",
            "id": "50849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-501"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5007"
          }
        ]
      },
      "id": "VAR-201112-0097",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127"
          }
        ],
        "trust": 5.12310607
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 4.4
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:46:00.136000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.3s-software.com/"
          },
          {
            "title": "3S CoDeSys CmpWebServer component buffer overflow vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/37428"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5007"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.3,
            "url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
          },
          {
            "trust": 2.4,
            "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf"
          },
          {
            "trust": 2.2,
            "url": "http://osvdb.org/77387"
          },
          {
            "trust": 1.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://www.exploit-db.com/exploits/18187"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/47018"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/bugtraq/2011/nov/178"
          },
          {
            "trust": 1.0,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-12-320-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5007"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5007"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/50849"
          },
          {
            "trust": 0.3,
            "url": "http://www.3s-software.com/index.shtml?en_codesysv3_en"
          },
          {
            "trust": 0.3,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127"
          },
          {
            "db": "BID",
            "id": "50849"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-501"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5007"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5128",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5125",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5126",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5127",
            "ident": null
          },
          {
            "db": "BID",
            "id": "50849",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-501",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003530",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5007",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-12-26T00:00:00",
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-12-26T00:00:00",
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-12-26T00:00:00",
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5591",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5128",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5125",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5126",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5127",
            "ident": null
          },
          {
            "date": "2011-11-29T00:00:00",
            "db": "BID",
            "id": "50849",
            "ident": null
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-501",
            "ident": null
          },
          {
            "date": "2011-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-447",
            "ident": null
          },
          {
            "date": "2011-12-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003530",
            "ident": null
          },
          {
            "date": "2011-12-25T01:55:04.647000",
            "db": "NVD",
            "id": "CVE-2011-5007",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5591",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5128",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5125",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5126",
            "ident": null
          },
          {
            "date": "2011-12-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5127",
            "ident": null
          },
          {
            "date": "2012-11-15T23:10:00",
            "db": "BID",
            "id": "50849",
            "ident": null
          },
          {
            "date": "2011-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-501",
            "ident": null
          },
          {
            "date": "2011-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-447",
            "ident": null
          },
          {
            "date": "2011-12-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003530",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-5007",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-501"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "_id": null,
        "data": "3S CoDeSys CmpWebServer Component Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5591"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          }
        ],
        "trust": 1.8
      },
      "type": {
        "_id": null,
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "45e2b734-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "45e91728-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-447"
          }
        ],
        "trust": 2.0
      }
    }

    VAR-202204-1264

    Vulnerability from variot - Updated: 2025-10-04 22:44

    An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1264",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "control win sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "edge gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control rte sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for empc-a\\/imx6 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for pfc200 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "hmi sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control runtime system toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for beaglebone sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for raspberry pi sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for linux sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control rte sl \\",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for iot2000 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for wago touch panels 600 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "embedded target visu toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for pfc100 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for plcnext sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for beckhoff cx9020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "edge gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "development system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "remote target visu toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for empc-a/imx6 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for plcnext sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control win sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control rte v3",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for beckhoff cx9020",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control runtime system toolkit",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control rte sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "embedded target visu toolkit",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "development system",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for raspberry pi sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for beaglebone sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "hmi sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "edge gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for pfc200 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for linux sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for iot2000 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for pfc100 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for wago touch panels 600 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "cve": "CVE-2022-22513",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2022-22513",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-411082",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22513",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-22513",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22513",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2022-22513",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22513",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2623",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411082",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22513",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22513"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22513",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU90492166",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-273-04",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-411082",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22513",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "id": "VAR-202204-1264",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-10-04T22:44:28.756000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CODESYS Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189579"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.1
          },
          {
            "problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90492166/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22513"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-22513/"
          },
          {
            "trust": 0.1,
            "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/476.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "date": "2022-04-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "date": "2022-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          },
          {
            "date": "2023-07-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "date": "2022-04-07T19:15:08.073000",
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411082"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22513"
          },
          {
            "date": "2022-04-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          },
          {
            "date": "2025-10-02T08:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          },
          {
            "date": "2024-11-21T06:46:55.900000",
            "db": "NVD",
            "id": "CVE-2022-22513"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007941"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2623"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202204-0725

    Vulnerability from variot - Updated: 2025-10-04 22:43

    An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0725",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "control win sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "edge gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control rte sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for empc-a\\/imx6 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for pfc200 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "hmi sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "development system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.0"
          },
          {
            "model": "control runtime system toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for beaglebone sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for raspberry pi sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for linux sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control rte sl \\",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for iot2000 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for wago touch panels 600 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "embedded target visu toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for pfc100 sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for plcnext sl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "control for beckhoff cx9020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "4.5.0.0"
          },
          {
            "model": "edge gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "development system",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "remote target visu toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.18.0"
          },
          {
            "model": "control for empc-a/imx6 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for plcnext sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control win sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control rte v3",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for beckhoff cx9020",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control runtime system toolkit",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control rte sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "embedded target visu toolkit",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "development system",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for raspberry pi sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for beaglebone sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "hmi sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "edge gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for pfc200 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for linux sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for iot2000 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for pfc100 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for wago touch panels 600 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "cve": "CVE-2022-22514",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2022-22514",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-411083",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-22514",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-22514",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-22514",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2022-22514",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-22514",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2621",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411083",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-22514",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22514"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-22514",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU90492166",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-273-04",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-411083",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22514",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "id": "VAR-202204-0725",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-10-04T22:43:24.178000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CODESYS Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189800"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-822",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "unreliable pointer dereference (CWE-822) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90492166/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22514"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-22514/"
          },
          {
            "trust": 0.1,
            "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/822.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "date": "2022-04-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "date": "2022-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          },
          {
            "date": "2023-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "date": "2022-04-07T19:15:08.133000",
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411083"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-22514"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          },
          {
            "date": "2025-10-02T08:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          },
          {
            "date": "2024-11-21T06:46:56.033000",
            "db": "NVD",
            "id": "CVE-2022-22514"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product Untrusted Pointer Dereference Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008142"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2621"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201909-0996

    Vulnerability from variot - Updated: 2025-10-04 22:17

    CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. CODESYS V3 web The server contains a path traversal vulnerability.Information may be obtained

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0996",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "control for empc-a\\/imx6",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control rte",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.12.80"
          },
          {
            "model": "hmi",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control for raspberry pi",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control rte",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.13.0"
          },
          {
            "model": "control for pfc100",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control win",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.12.80"
          },
          {
            "model": "control win",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control runtime system toolkit",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.0"
          },
          {
            "model": "embedded target visu toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.12.80"
          },
          {
            "model": "control win",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.9.80"
          },
          {
            "model": "hmi",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.10.0"
          },
          {
            "model": "hmi",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.12.80"
          },
          {
            "model": "remote target visu toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.12.80"
          },
          {
            "model": "embedded target visu toolkit",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.0"
          },
          {
            "model": "hmi",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.13.0"
          },
          {
            "model": "control for iot2000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control for beaglebone",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control for pfc200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control rte",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "remote target visu toolkit",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.0"
          },
          {
            "model": "control runtime system toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.12.80"
          },
          {
            "model": "control rte",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.8.60"
          },
          {
            "model": "control win",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.13.0"
          },
          {
            "model": "control for linux",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.14.10"
          },
          {
            "model": "control runtime system toolkit",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for empc-a/imx6 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for raspberry pi sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control win sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for pfc200 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for linux sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for beaglebone sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for iot2000 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control for pfc100 sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "control rte sl",
            "scope": null,
            "trust": 0.8,
            "vendor": "codesys",
            "version": null
          },
          {
            "model": "software solutions codesys web server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "3s smart",
            "version": "v3\u003c3.5.14.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "control rte",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "control win",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "hmi",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for beaglebone",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for empc a imx6",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for iot2000",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for linux",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for pfc100",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for pfc200",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control for raspberry pi",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "control runtime system toolkit",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "embedded target visu toolkit",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "remote target visu toolkit",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "cve": "CVE-2019-13532",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-13532",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-32463",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-13532",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-13532",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-13532",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-13532",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-32463",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201909-657",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. CODESYS V3 web The server contains a path traversal vulnerability.Information may be obtained",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13532",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-255-01",
            "trust": 2.4
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3487",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90492166",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-273-04",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-255-04",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-255-03",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-255-05",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-255-02",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "F4634C88-FFBB-41D2-9DE5-4C49DF63339A",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "id": "VAR-201909-0996",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          }
        ]
      },
      "last_update_date": "2025-10-04T22:17:26.762000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.codesys.com/"
          },
          {
            "title": "3S-Smart Software Solutions CODESYS V3 web server path traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/181469"
          },
          {
            "title": "CODESYS V3 web server Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98231"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          },
          {
            "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13532"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3487/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90492166/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-21T00:00:00",
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "date": "2019-09-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "date": "2019-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "date": "2019-09-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "date": "2019-09-13T17:15:11.617000",
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          },
          {
            "date": "2025-10-02T08:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-009414"
          },
          {
            "date": "2024-11-21T04:25:05.470000",
            "db": "NVD",
            "id": "CVE-2019-13532"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "3S-Smart Software Solutions CODESYS V3 web server Path traversal vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-32463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-657"
          }
        ],
        "trust": 0.8
      }
    }