VDE-2026-040
April 23, 2026, 2:00 nachm.
CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack …
VDE-2026-018
März 24, 2026, 9:00 vorm.
The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing logic, the impact is …
VDE-2026-011
März 24, 2026, 9:00 vorm.
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on …
VDE-2026-012
März 10, 2026, 11:00 vorm.
The CODESYS Installer is affected by a privilege escalation vulnerability. Due to a race condition, a local attacker with limited privileges can replace the verified downloaded setup before execution. Because …
VDE-2025-099
Feb. 12, 2026, 12:00 nachm.
A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by …
VDE-2025-101
Dez. 1, 2025, 11:00 vorm.
A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS …
VDE-2025-100
Feb. 12, 2026, 12:00 nachm.
A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The …
VDE-2025-051
Sept. 1, 2025, 12:00 nachm.
A vulnerability in the CODESYS Control runtime system allows low-privileged remote attackers to access the PKI folder via CODESYS protocol, enabling them to read and write certificates and keys. This …