
CVE-2025-41659 – CODESYS Control PKI Exposure Enables Remote Certificate Access
https://notcve.org/view.php?id=CVE-2025-41659
04 Aug 2025 — A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. • https://certvde.com/de/advisories/VDE-2025-051 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2025-41658 – CODESYS Toolkit Exposes Sensitive Files via Default Permissions
https://notcve.org/view.php?id=CVE-2025-41658
04 Aug 2025 — CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. • https://certvde.com/de/advisories/VDE-2025-049 • CWE-276: Incorrect Default Permissions

CVE-2023-6357 – OS Command Injection in multiple CODESYS products
https://notcve.org/view.php?id=CVE-2023-6357
05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries, which could give the attacker full control of the device. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-37559 – CODESYS Improper Validation of Consistency within Input in multiple products
https://notcve.org/view.php?id=CVE-2023-37559
03 Aug 2023 — After successful authentication as a user in multiple Codesys products in multiple versions, specifically crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37558. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation

CVE-2023-37558 – CODESYS Improper Validation of Consistency within Input in multiple products
https://notcve.org/view.php?id=CVE-2023-37558
03 Aug 2023 — After successful authentication as a user in multiple Codesys products in multiple versions, specifically crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37559. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation

CVE-2023-37557 – CODESYS Heap-based Buffer Overflow in multiple products
https://notcve.org/view.php?id=CVE-2023-37557
03 Aug 2023 — After successful authentication as a user in multiple Codesys products in multiple versions, specifically crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-787: Out-of-bounds Write

CVE-2023-37556 – CODESYS Improper Input Validation in CmpAppBP
https://notcve.org/view.php?id=CVE-2023-37556
03 Aug 2023 — In multiple versions of multiple Codesys products, after successful authentication as a user, specifically crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation

CVE-2023-37555 – CODESYS Improper Input Validation in CmpAppBP
https://notcve.org/view.php?id=CVE-2023-37555
03 Aug 2023 — In multiple versions of multiple Codesys products, after successful authentication as a user, specifically crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation

CVE-2023-37554 – CODESYS Improper Input Validation in CmpAppBP
https://notcve.org/view.php?id=CVE-2023-37554
03 Aug 2023 — In multiple versions of multiple Codesys products, after successful authentication as a user, specifically crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation

CVE-2023-37553 – CODESYS Improper Input Validation in CmpAppBP
https://notcve.org/view.php?id=CVE-2023-37553
03 Aug 2023 — In multiple versions of multiple Codesys products, after successful authentication as a user, specifically crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation