cvelistv5 - cve-2025-41659

CVE-2025-41659 (GCVE-0-2025-41659)

Vulnerability from cvelistv5

Published

2025-08-04 08:04

Modified

2025-08-04 16:35

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Summary

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

References

►

URL

Tags

info@cert.vde.com

https://certvde.com/de/advisories/VDE-2025-051

Impacted products

Vendor

Product

Version

►

CODESYS

Control RTE (SL)

Version: 0.0.0.0 ≤

CODESYS	Control RTE (for Beckhoff CX) SL	Version: 0.0.0.0 ≤
CODESYS	Control Win (SL)	Version: 0.0.0.0 ≤
CODESYS	HMI (SL)	Version: 0.0.0.0 ≤
CODESYS	Runtime Toolkit	Version: 0.0.0.0 ≤
CODESYS	Control for BeagleBone SL	Version: 0.0.0.0 ≤
CODESYS	Control for emPC-A/iMX6 SL	Version: 0.0.0.0 ≤
CODESYS	Control for IOT2000 SL	Version: 0.0.0.0 ≤
CODESYS	Control for Linux ARM SL	Version: 0.0.0.0 ≤
CODESYS	Control for Linux SL	Version: 0.0.0.0 ≤
CODESYS	Control for PFC100 SL	Version: 0.0.0.0 ≤
CODESYS	Control for PFC200 SL	Version: 0.0.0.0 ≤
CODESYS	Control for PLCnext SL	Version: 0.0.0.0 ≤
CODESYS	Control for Raspberry Pi SL	Version: 0.0.0.0 ≤
CODESYS	Control for WAGO Touch Panels 600 SL	Version: 0.0.0.0 ≤
CODESYS	Virtual Control SL	Version: 0.0.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T16:34:47.316036Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-04T16:35:32.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Control RTE (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.21.20",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control RTE (for Beckhoff CX) SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.21.20",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control Win (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.21.20",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HMI (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.21.20",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Runtime Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.21.20",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for BeagleBone SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for emPC-A/iMX6 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for IOT2000 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Linux ARM SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Linux SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PFC100 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PFC200 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PLCnext SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Raspberry Pi SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for WAGO Touch Panels 600 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Virtual Control SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.17.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Luca Borzacchiello from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e"
            }
          ],
          "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T08:04:04.597Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-051"
        }
      ],
      "source": {
        "advisory": "VDE-2025-051",
        "defect": [
          "CERT@VDE#641801"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "CODESYS Control PKI Exposure Enables Remote Certificate Access",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41659",
    "datePublished": "2025-08-04T08:04:04.597Z",
    "dateReserved": "2025-04-16T11:17:48.307Z",
    "dateUpdated": "2025-08-04T16:35:32.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41659\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2025-08-04T08:15:48.173\",\"lastModified\":\"2025-08-04T15:06:15.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\"},{\"lang\":\"es\",\"value\":\"Un atacante con pocos privilegios puede acceder remotamente a la carpeta PKI del sistema de ejecuci\u00f3n de CODESYS Control y, por lo tanto, leer y escribir certificados y sus claves. Esto permite extraer datos confidenciales o aceptar certificados como de confianza. Aunque todos los servicios permanecen disponibles, solo es posible la comunicaci\u00f3n sin cifrar si se eliminan los certificados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"references\":[{\"url\":\"https://certvde.com/de/advisories/VDE-2025-051\",\"source\":\"info@cert.vde.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41659\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-04T16:34:47.316036Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-04T16:35:19.558Z\"}}], \"cna\": {\"title\": \"CODESYS Control PKI Exposure Enables Remote Certificate Access\", \"source\": {\"defect\": [\"CERT@VDE#641801\"], \"advisory\": \"VDE-2025-051\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Luca Borzacchiello from Nozomi Networks\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"CODESYS\", \"product\": \"Control RTE (SL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"3.5.21.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control RTE (for Beckhoff CX) SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"3.5.21.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control Win (SL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"3.5.21.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"HMI (SL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"3.5.21.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Runtime Toolkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"3.5.21.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for BeagleBone SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for emPC-A/iMX6 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for IOT2000 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for Linux ARM SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for Linux SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for PFC100 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for PFC200 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for PLCnext SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for Raspberry Pi SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Control for WAGO Touch Panels 600 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"Virtual Control SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0.0\", \"lessThan\": \"4.17.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://certvde.com/de/advisories/VDE-2025-051\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-08-04T08:04:04.597Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-41659\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-04T16:35:32.484Z\", \"dateReserved\": \"2025-04-16T11:17:48.307Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2025-08-04T08:04:04.597Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-41659

Vulnerability from fkie_nvd

Published

2025-08-04 08:15

Modified

2025-08-04 15:06

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Summary

References

▶	URL	Tags
	info@cert.vde.com	https://certvde.com/de/advisories/VDE-2025-051

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
    },
    {
      "lang": "es",
      "value": "Un atacante con pocos privilegios puede acceder remotamente a la carpeta PKI del sistema de ejecuci\u00f3n de CODESYS Control y, por lo tanto, leer y escribir certificados y sus claves. Esto permite extraer datos confidenciales o aceptar certificados como de confianza. Aunque todos los servicios permanecen disponibles, solo es posible la comunicaci\u00f3n sin cifrar si se eliminan los certificados."
    }
  ],
  "id": "CVE-2025-41659",
  "lastModified": "2025-08-04T15:06:15.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "info@cert.vde.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-04T08:15:48.173",
  "references": [
    {
      "source": "info@cert.vde.com",
      "url": "https://certvde.com/de/advisories/VDE-2025-051"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

wid-sec-w-2025-1705

Vulnerability from csaf_certbund

Published

2025-08-03 22:00

Modified

2025-08-04 22:00

Summary

CODESYS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.

Angriff

Ein Angreifer kann mehrere Schwachstellen in CODESYS ausnutzen, um einen Denial-of-Service-Zustand auszulösen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in CODESYS ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1705 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1705.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1705 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1705"
      },
      {
        "category": "external",
        "summary": "VDE CERT Advisory vom 2025-08-03",
        "url": "https://certvde.com/de/advisories/VDE-2025-049"
      },
      {
        "category": "external",
        "summary": "VDE CERT Advisory vom 2025-08-03",
        "url": "https://certvde.com/de/advisories/VDE-2025-051"
      },
      {
        "category": "external",
        "summary": "VDE CERT Advisory vom 2025-08-03",
        "url": "https://certvde.com/de/advisories/VDE-2025-070/"
      }
    ],
    "source_lang": "en-US",
    "title": "CODESYS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-05T06:54:24.153+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1705",
      "initial_release_date": "2025-08-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-23491, EUVD-2025-23492, EUVD-2025-23490"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.16.0.0",
                "product": {
                  "name": "CODESYS CODESYS \u003c4.16.0.0",
                  "product_id": "T045845"
                }
              },
              {
                "category": "product_version",
                "name": "4.16.0.0",
                "product": {
                  "name": "CODESYS CODESYS 4.16.0.0",
                  "product_id": "T045845-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:codesys:codesys:4.16.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.5.21.20",
                "product": {
                  "name": "CODESYS CODESYS \u003c3.5.21.20",
                  "product_id": "T045846"
                }
              },
              {
                "category": "product_version",
                "name": "3.5.21.20",
                "product": {
                  "name": "CODESYS CODESYS 3.5.21.20",
                  "product_id": "T045846-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:codesys:codesys:3.5.21.20"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.17.0.0",
                "product": {
                  "name": "CODESYS CODESYS \u003c4.17.0.0",
                  "product_id": "T045847"
                }
              },
              {
                "category": "product_version",
                "name": "4.17.0.0",
                "product": {
                  "name": "CODESYS CODESYS 4.17.0.0",
                  "product_id": "T045847-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:codesys:codesys:4.17.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41658",
      "product_status": {
        "known_affected": [
          "T045846",
          "T045845"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-41658"
    },
    {
      "cve": "CVE-2025-41659",
      "product_status": {
        "known_affected": [
          "T045846",
          "T045845",
          "T045847"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-41659"
    },
    {
      "cve": "CVE-2025-41691",
      "product_status": {
        "known_affected": [
          "T045846",
          "T045845",
          "T045847"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-41691"
    }
  ]
}

ghsa-x97q-fjxx-pvxm

Vulnerability from github

Published

2025-08-04 09:30

Modified

2025-08-04 09:30

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T08:15:48Z",
    "severity": "HIGH"
  },
  "details": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.",
  "id": "GHSA-x97q-fjxx-pvxm",
  "modified": "2025-08-04T09:30:28Z",
  "published": "2025-08-04T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41659"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/de/advisories/VDE-2025-051"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-41659 (GCVE-0-2025-41659)

Vulnerability from cvelistv5

fkie_cve-2025-41659

Vulnerability from fkie_nvd

wid-sec-w-2025-1705

Vulnerability from csaf_certbund

ghsa-x97q-fjxx-pvxm

Vulnerability from github

Tags

Sightings

Nomenclature