Vulnerabilites related to CODESYS - Control for Raspberry Pi SL
CVE-2025-41658 (GCVE-0-2025-41658)
Vulnerability from cvelistv5
Published
2025-08-04 08:03
Modified
2025-08-04 11:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | CODESYS | Runtime Toolkit |
Version: 0.0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T11:52:31.347383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T11:52:37.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luca Borzacchiello from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.\u003cbr\u003e"
}
],
"value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T08:03:26.511Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-049"
}
],
"source": {
"advisory": "VDE-2025-049",
"defect": [
"CERT@VDE#641799"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41658",
"datePublished": "2025-08-04T08:03:26.511Z",
"dateReserved": "2025-04-16T11:17:48.306Z",
"dateUpdated": "2025-08-04T11:52:37.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4224 (GCVE-0-2022-4224)
Vulnerability from cvelistv5
Published
2023-03-23 11:15
Modified
2024-08-03 01:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Summary
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | CODESYS | Control RTE (SL) |
Version: 3.0.0.0 < 3.5.19.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control RTE (SL) ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Runtime Toolkit ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Safety SIL2 Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Safety SIL2 PSP",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI (SL) ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for BeagleBone SL ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
}
],
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T10:47:13.144Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#64318"
],
"discovery": "EXTERNAL"
},
"title": "CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4224",
"datePublished": "2023-03-23T11:15:37.014Z",
"dateReserved": "2022-11-30T06:54:13.183Z",
"dateUpdated": "2024-08-03T01:34:49.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41659 (GCVE-0-2025-41659)
Vulnerability from cvelistv5
Published
2025-08-04 08:04
Modified
2025-08-04 16:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | CODESYS | Control RTE (SL) |
Version: 0.0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T16:34:47.316036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:35:32.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luca Borzacchiello from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e"
}
],
"value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T08:04:04.597Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-051"
}
],
"source": {
"advisory": "VDE-2025-051",
"defect": [
"CERT@VDE#641801"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Control PKI Exposure Enables Remote Certificate Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41659",
"datePublished": "2025-08-04T08:04:04.597Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-08-04T16:35:32.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41691 (GCVE-0-2025-41691)
Vulnerability from cvelistv5
Published
2025-08-04 08:04
Modified
2025-08-04 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | CODESYS | Control RTE (SL) |
Version: 3.5.21.10 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T16:28:09.392670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:32:30.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T08:04:34.981Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-070"
}
],
"source": {
"advisory": "VDE-2025-070",
"defect": [
"CERT@VDE#641834"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41691",
"datePublished": "2025-08-04T08:04:34.981Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-08-04T16:32:30.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}