ADVISORY2025-05_VDE-2025-027
Vulnerability from csaf_codesysgmbh - Published: 2025-04-23 10:00 - Updated: 2025-04-23 10:00Summary
CODESYS Visualization user management bypass in WebVisu
Notes
Summary: An unauthenticated attacker can read static visualization files of the CODESYS WebVisu, by bypassing the CODESYS Visualization user management applying forced browsing.
Impact: The CODESYS Visualization, together with the CmpWebServer component in the CODESYS Control Runtime, allows users to create browser-based visualizations for monitoring and controlling industrial processes. Access to these visualizations can be restricted using the built-in user management.
However, on CODESYS Control Runtime systems, where an application with a CODESYS WebVisu is executed, an unauthenticated remote attacker can bypass the user management and read visualization files by means of forced browsing. The exposed files, accessible via a web browser, contain only static visualization data such as text lists, icons or images, but no live data from the controlled system.
Remediation: Update the following product to version 4.8.0.0.
* CODESYS Visualization
Update the following products to version 3.5.21.0.
* CODESYS Control RTE (SL)
* CODESYS Control RTE (for Beckhoff CX) SL
* CODESYS Control Win (SL)
* CODESYS HMI (SL)
* CODESYS Runtime Toolkit
* CODESYS Embedded Target Visu Toolkit
* CODESYS Remote Target Visu Toolkit
Update the following products to version 4.15.0.0.
* CODESYS Control for BeagleBone SL
* CODESYS Control for emPC-A/iMX6 SL
* CODESYS Control for IOT2000 SL
* CODESYS Control for Linux ARM SL
* CODESYS Control for Linux SL
* CODESYS Control for PFC100 SL
* CODESYS Control for PFC200 SL
* CODESYS Control for PLCnext SL
* CODESYS Control for Raspberry Pi SL
* CODESYS Control for WAGO Touch Panels 600 SL
* CODESYS Virtual Control SL
Updates of both the CODESYS Visualization and the CODESYS Control Runtime System or the CODESYS HMI are required to fix the vulnerability.
Moreover, existing CODESYS projects that include a CODESYS WebVisu must be recompiled and downloaded to the updated HMI or PLC.
The CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.
General Recommendation: As part of a security strategy, CODESYS GmbH strongly recommends at least the following best-practice
defense measures:
* Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
* Use firewalls to protect and separate the control system network from other networks
* Activate and apply user management and password features
* Limit the access to both development and control system by physical means, operating system features, etc.
* Use encrypted communication links
* Use VPN (Virtual Private Networks) tunnels if remote access is required
* Protect both development and control system by using up to date virus detecting solutions
For more information and general recommendations for protecting machines and plants, see also the
CODESYS Security Whitepaper [here.](https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf)
Disclaimer: CODESYS GmbH assumes no liability whatsoever for indirect, collateral, accidental or consequential losses
that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided on good faith by CODESYS GmbH.
Insofar as permissible by law, however, none of this information shall establish any guarantee, commitment or
liability on the part of CODESYS GmbH.
Note: Not all CODESYS features are available in all territories. For more information on geographic restrictions,
please contact sales@codesys.com.
An unauthenticated remote attacker can bypass the user management in the CODESYS Visualization and read visualization template files or static elements of the CODESYS WebVisu by means of forced browsing.
5.3 (Medium)
Vendor Fix
Update the following product to version 4.8.0.0.
* CODESYS Visualization
Update the following products to version 3.5.21.0.
* CODESYS Control RTE (SL)
* CODESYS Control RTE (for Beckhoff CX) SL
* CODESYS Control Win (SL)
* CODESYS HMI (SL)
* CODESYS Runtime Toolkit
* CODESYS Embedded Target Visu Toolkit
* CODESYS Remote Target Visu Toolkit
Update the following products to version 4.15.0.0.
* CODESYS Control for BeagleBone SL
* CODESYS Control for emPC-A/iMX6 SL
* CODESYS Control for IOT2000 SL
* CODESYS Control for Linux ARM SL
* CODESYS Control for Linux SL
* CODESYS Control for PFC100 SL
* CODESYS Control for PFC200 SL
* CODESYS Control for PLCnext SL
* CODESYS Control for Raspberry Pi SL
* CODESYS Control for WAGO Touch Panels 600 SL
* CODESYS Virtual Control SL
Updates of both the CODESYS Visualization and the CODESYS Control Runtime System or the CODESYS HMI are required to fix the vulnerability.
Moreover, existing CODESYS projects that include a CODESYS WebVisu must be recompiled and downloaded to the updated HMI or PLC.
The CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.
References
Acknowledgments
CERT@VDE
certvde.com
Honeywell
M. Ankith
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"M. Ankith"
],
"organization": "Honeywell",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can read static visualization files of the CODESYS WebVisu, by bypassing the CODESYS Visualization user management applying forced browsing.",
"title": "Summary"
},
{
"category": "description",
"text": "The CODESYS Visualization, together with the CmpWebServer component in the CODESYS Control Runtime, allows users to create browser-based visualizations for monitoring and controlling industrial processes. Access to these visualizations can be restricted using the built-in user management.\n\nHowever, on CODESYS Control Runtime systems, where an application with a CODESYS WebVisu is executed, an unauthenticated remote attacker can bypass the user management and read visualization files by means of forced browsing. The exposed files, accessible via a web browser, contain only static visualization data such as text lists, icons or images, but no live data from the controlled system.",
"title": "Impact"
},
{
"category": "description",
"text": "Update the following product to version 4.8.0.0.\n* CODESYS Visualization\n\nUpdate the following products to version 3.5.21.0.\n* CODESYS Control RTE (SL)\n* CODESYS Control RTE (for Beckhoff CX) SL\n* CODESYS Control Win (SL)\n* CODESYS HMI (SL)\n* CODESYS Runtime Toolkit\n* CODESYS Embedded Target Visu Toolkit\n* CODESYS Remote Target Visu Toolkit\n\nUpdate the following products to version 4.15.0.0.\n* CODESYS Control for BeagleBone SL\n* CODESYS Control for emPC-A/iMX6 SL\n* CODESYS Control for IOT2000 SL\n* CODESYS Control for Linux ARM SL\n* CODESYS Control for Linux SL\n* CODESYS Control for PFC100 SL\n* CODESYS Control for PFC200 SL\n* CODESYS Control for PLCnext SL\n* CODESYS Control for Raspberry Pi SL\n* CODESYS Control for WAGO Touch Panels 600 SL\n* CODESYS Virtual Control SL\n\nUpdates of both the CODESYS Visualization and the CODESYS Control Runtime System or the CODESYS HMI are required to fix the vulnerability.\n\nMoreover, existing CODESYS projects that include a CODESYS WebVisu must be recompiled and downloaded to the updated HMI or PLC.\n\nThe CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.",
"title": "Remediation"
},
{
"category": "general",
"text": "As part of a security strategy, CODESYS GmbH strongly recommends at least the following best-practice\ndefense measures:\n\n* Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n* Use firewalls to protect and separate the control system network from other networks\n* Activate and apply user management and password features\n* Limit the access to both development and control system by physical means, operating system features, etc.\n* Use encrypted communication links\n* Use VPN (Virtual Private Networks) tunnels if remote access is required\n* Protect both development and control system by using up to date virus detecting solutions\n\nFor more information and general recommendations for protecting machines and plants, see also the\nCODESYS Security Whitepaper [here.](https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf)",
"title": "General Recommendation"
},
{
"category": "legal_disclaimer",
"text": "CODESYS GmbH assumes no liability whatsoever for indirect, collateral, accidental or consequential losses\nthat occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided on good faith by CODESYS GmbH.\nInsofar as permissible by law, however, none of this information shall establish any guarantee, commitment or\nliability on the part of CODESYS GmbH.\n\nNote: Not all CODESYS features are available in all territories. For more information on geographic restrictions,\nplease contact sales@codesys.com.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@codesys.com",
"name": "CODESYS GmbH",
"namespace": "https://www.codesys.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for CODESYS GmbH",
"url": "https://certvde.com/en/advisories/vendor/codesys"
},
{
"category": "self",
"summary": "Advisory2025-05_VDE-2025-027: CODESYS Visualization user management bypass in WebVisu - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-027/"
},
{
"category": "self",
"summary": "Advisory2025-05_VDE-2025-027: CODESYS Visualization user management bypass in WebVisu - CSAF",
"url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-05_vde-2025-027.json"
},
{
"category": "external",
"summary": "CODESYS Security Advisories",
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"category": "self",
"summary": "Advisory2025-05_VDE-2025-027: CODESYS Visualization user management bypass - PDF",
"url": "https://codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-05_VIS-5003.pdf"
}
],
"title": "CODESYS Visualization user management bypass in WebVisu",
"tracking": {
"aliases": [
"VDE-2025-027",
"CODESYS Security Advisory 2025-05"
],
"current_release_date": "2025-04-23T10:00:00.000Z",
"generator": {
"date": "2025-04-17T07:11:42.838Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.18"
}
},
"id": "Advisory2025-05_VDE-2025-027",
"initial_release_date": "2025-04-23T10:00:00.000Z",
"revision_history": [
{
"date": "2025-04-23T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.0.0",
"product": {
"name": "CODESYS Visualization \u003c4.8.0.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "4.8.0.0",
"product": {
"name": "CODESYS Visualization 4.8.0.0",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "CODESYS Visualization"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS Control RTE (for Beckhoff CX) SL \u003c3.5.21.0",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version",
"name": "3.5.21.0",
"product": {
"name": "CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.0",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "Control RTE (for Beckhoff CX) SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS Control RTE (SL) \u003c3.5.21.0",
"product_id": "CSAFPID-51003"
}
},
{
"category": "product_version",
"name": "3.5.21.0",
"product": {
"name": "CODESYS Control RTE (SL) 3.5.21.0",
"product_id": "CSAFPID-52003"
}
}
],
"category": "product_name",
"name": "Control RTE (SL) "
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS Control Win (SL) \u003c3.5.21.0",
"product_id": "CSAFPID-51004"
}
},
{
"category": "product_version",
"name": "3.5.21.0",
"product": {
"name": "CODESYS Control Win (SL) 3.5.21.0",
"product_id": "CSAFPID-52004"
}
}
],
"category": "product_name",
"name": "Control Win (SL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS Embedded Target Visu Toolkit \u003c3.5.21.0",
"product_id": "CSAFPID-51005"
}
},
{
"category": "product_version",
"name": "3.5.21.0",
"product": {
"name": "CODESYS Embedded Target Visu Toolkit 3.5.21.0",
"product_id": "CSAFPID-52005"
}
}
],
"category": "product_name",
"name": "Embedded Target Visu Toolkit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS HMI (SL) \u003c3.5.21.0",
"product_id": "CSAFPID-51006"
}
},
{
"category": "product_version",
"name": "3.5.21.0",
"product": {
"name": "CODESYS HMI (SL) 3.5.21.0",
"product_id": "CSAFPID-52006"
}
}
],
"category": "product_name",
"name": "HMI (SL)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS Remote Target Visu Toolkit \u003c3.5.21.0",
"product_id": "CSAFPID-51007"
}
},
{
"category": "product_version",
"name": "3.5.21.0",
"product": {
"name": "CODESYS Remote Target Visu Toolkit 3.5.21.0",
"product_id": "CSAFPID-52007"
}
}
],
"category": "product_name",
"name": "Remote Target Visu Toolkit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.21.0",
"product": {
"name": "CODESYS Runtime Toolkit \u003c3.5.21.0",
"product_id": "CSAFPID-51008"
}
},
{
"category": "product_version",
"name": "3.5.20.30",
"product": {
"name": "CODESYS Runtime Toolkit 3.5.21.0",
"product_id": "CSAFPID-52008"
}
}
],
"category": "product_name",
"name": "Runtime Toolkit "
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Virtual Control SL \u003c4.15.0.0",
"product_id": "CSAFPID-51009"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Virtual Control SL 4.15.0.0",
"product_id": "CSAFPID-52009"
}
}
],
"category": "product_name",
"name": "Virtual Control SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for BeagleBone SL \u003c4.15.0.0",
"product_id": "CSAFPID-51010"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for BeagleBone SL 4.15.0.0",
"product_id": "CSAFPID-52010"
}
}
],
"category": "product_name",
"name": "Control for BeagleBone SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for emPC-A/iMX6 SL \u003c4.15.0.0",
"product_id": "CSAFPID-51011"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for emPC-A/iMX6 SL 4.15.0.0",
"product_id": "CSAFPID-52011"
}
}
],
"category": "product_name",
"name": "Control for emPC-A/iMX6 SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for IOT2000 SL \u003c4.15.0.0",
"product_id": "CSAFPID-51012"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for IOT2000 SL 4.15.0.0",
"product_id": "CSAFPID-52012"
}
}
],
"category": "product_name",
"name": "Control for IOT2000 SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for Linux ARM SL \u003c4.15.0.0",
"product_id": "CSAFPID-51013"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for Linux ARM SL 4.15.0.0",
"product_id": "CSAFPID-52013"
}
}
],
"category": "product_name",
"name": "Control for Linux ARM SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for Linux SL \u003c4.15.0.0",
"product_id": "CSAFPID-51014"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for Linux SL 4.15.0.0",
"product_id": "CSAFPID-52014"
}
}
],
"category": "product_name",
"name": "Control for Linux SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for PFC100 SL \u003c4.15.0.0",
"product_id": "CSAFPID-51015"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for PFC100 SL 4.15.0.0",
"product_id": "CSAFPID-52015"
}
}
],
"category": "product_name",
"name": "Control for PFC100 SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for PFC200 SL \u003c4.15.0.0",
"product_id": "CSAFPID-51016"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for PFC200 SL 4.15.0.0",
"product_id": "CSAFPID-52016"
}
}
],
"category": "product_name",
"name": " Control for PFC200 SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for PLCnext SL \u003c4.15.0.0",
"product_id": "CSAFPID-51017"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for PLCnext SL 4.15.0.0",
"product_id": "CSAFPID-52017"
}
}
],
"category": "product_name",
"name": "Control for PLCnext SL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for Raspberry Pi SL \u003c4.15.0.0",
"product_id": "CSAFPID-51018"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for Raspberry Pi SL 4.15.0.0",
"product_id": "CSAFPID-52018"
}
}
],
"category": "product_name",
"name": "Control for Raspberry Pi SL "
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15.0.0",
"product": {
"name": "CODESYS Control for WAGO Touch Panels 600 SL \u003c4.15.0.0",
"product_id": "CSAFPID-51019"
}
},
{
"category": "product_version",
"name": "4.15.0.0",
"product": {
"name": "CODESYS Control for WAGO Touch Panels 600 SL 4.15.0.0",
"product_id": "CSAFPID-52019"
}
}
],
"category": "product_name",
"name": "Control for WAGO Touch Panels 600 SL"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "CODESYS"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-51010",
"CSAFPID-51011",
"CSAFPID-51012",
"CSAFPID-51013",
"CSAFPID-51014",
"CSAFPID-51015",
"CSAFPID-51016",
"CSAFPID-51017",
"CSAFPID-51018",
"CSAFPID-51019"
],
"summary": "Affected products "
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010",
"CSAFPID-52011",
"CSAFPID-52012",
"CSAFPID-52013",
"CSAFPID-52014",
"CSAFPID-52015",
"CSAFPID-52016",
"CSAFPID-52017",
"CSAFPID-52018",
"CSAFPID-52019"
],
"summary": "Fixed products"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-2595",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can bypass the user management in the CODESYS Visualization and read visualization template files or static elements of the CODESYS WebVisu by means of forced browsing. ",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010",
"CSAFPID-52011",
"CSAFPID-52012",
"CSAFPID-52013",
"CSAFPID-52014",
"CSAFPID-52015",
"CSAFPID-52016",
"CSAFPID-52017",
"CSAFPID-52018",
"CSAFPID-52019"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-51010",
"CSAFPID-51011",
"CSAFPID-51012",
"CSAFPID-51013",
"CSAFPID-51014",
"CSAFPID-51015",
"CSAFPID-51016",
"CSAFPID-51017",
"CSAFPID-51018",
"CSAFPID-51019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the following product to version 4.8.0.0.\n* CODESYS Visualization\n\nUpdate the following products to version 3.5.21.0.\n* CODESYS Control RTE (SL)\n* CODESYS Control RTE (for Beckhoff CX) SL\n* CODESYS Control Win (SL)\n* CODESYS HMI (SL)\n* CODESYS Runtime Toolkit\n* CODESYS Embedded Target Visu Toolkit\n* CODESYS Remote Target Visu Toolkit\n\nUpdate the following products to version 4.15.0.0.\n* CODESYS Control for BeagleBone SL\n* CODESYS Control for emPC-A/iMX6 SL\n* CODESYS Control for IOT2000 SL\n* CODESYS Control for Linux ARM SL\n* CODESYS Control for Linux SL\n* CODESYS Control for PFC100 SL\n* CODESYS Control for PFC200 SL\n* CODESYS Control for PLCnext SL\n* CODESYS Control for Raspberry Pi SL\n* CODESYS Control for WAGO Touch Panels 600 SL\n* CODESYS Virtual Control SL\n\nUpdates of both the CODESYS Visualization and the CODESYS Control Runtime System or the CODESYS HMI are required to fix the vulnerability.\n\nMoreover, existing CODESYS projects that include a CODESYS WebVisu must be recompiled and downloaded to the updated HMI or PLC.\n\nThe CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.",
"group_ids": [
"CSAFGID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-51010",
"CSAFPID-51011",
"CSAFPID-51012",
"CSAFPID-51013",
"CSAFPID-51014",
"CSAFPID-51015",
"CSAFPID-51016",
"CSAFPID-51017",
"CSAFPID-51018",
"CSAFPID-51019"
]
}
],
"title": "CVE-2025-2595"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…