
CVE-2025-41691 – CODESYS Control DoS via Unauthenticated NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2025-41691
04 Aug 2025 — An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition. • https://certvde.com/de/advisories/VDE-2025-070 • CWE-476: NULL Pointer Dereference •

CVE-2025-41659 – CODESYS Control PKI Exposure Enables Remote Certificate Access
https://notcve.org/view.php?id=CVE-2025-41659
04 Aug 2025 — A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. • https://certvde.com/de/advisories/VDE-2025-051 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-41658 – CODESYS Toolkit Exposes Sensitive Files via Default Permissions
https://notcve.org/view.php?id=CVE-2025-41658
04 Aug 2025 — CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. • https://certvde.com/de/advisories/VDE-2025-049 • CWE-276: Incorrect Default Permissions •

CVE-2025-2595 – Forced Browsing Vulnerability in CODESYS Visualization
https://notcve.org/view.php?id=CVE-2025-2595
23 Apr 2025 — An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. • https://certvde.com/en/advisories/VDE-2025-027 • CWE-425: Direct Request ('Forced Browsing') •

CVE-2024-41975 – CODESYS (Edge) Gateway for Windows insecure default
https://notcve.org/view.php?id=CVE-2024-41975
18 Mar 2025 — An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs. • https://cert.vde.com/en/advisories/VDE-2025-013 • CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2025-0694 – CODESYS Control V3 removable media path traversal
https://notcve.org/view.php?id=CVE-2025-0694
18 Mar 2025 — Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. • https://cert.vde.com/en/advisories/VDE-2025-015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-1468 – CODESYS Control V3 - OPC UA Server Authentication bypass
https://notcve.org/view.php?id=CVE-2025-1468
18 Mar 2025 — An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy. • https://cert.vde.com/en/advisories/VDE-2025-022 • CWE-203: Observable Discrepancy •

CVE-2024-8175 – CODESYS: web server vulnerable to DoS
https://notcve.org/view.php?id=CVE-2024-8175
25 Sep 2024 — An unauthenticated remote attacker can cause the CODESYS web server to access invalid memory, which results in a DoS. • https://cert.vde.com/en/advisories/VDE-2024-057 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2024-6876 – Out-of-bounds read in OSCAT-Library
https://notcve.org/view.php?id=CVE-2024-6876
10 Sep 2024 — Out-of-bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service. • https://certvde.com/en/advisories/VDE-2024-046 • CWE-125: Out-of-bounds Read •

CVE-2023-5751 – CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
https://notcve.org/view.php?id=CVE-2023-5751
04 Jun 2024 — A local attacker with low privileges can read and modify any user's files and cause a DoS in the working directory of the affected products due to exposure of a resource to the wrong sphere. • https://cert.vde.com/en/advisories/VDE-2024-027 • CWE-668: Exposure of Resource to Wrong Sphere •