Summary
A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
Only CODESYS Control runtime systems and PLCs based on the CODESYS Runtime Toolkit that include the CmpVisuServer component are impacted.
In the case of CODESYS Web Visu, the vulnerability can only be exploited if the web server is running. When the web server starts depends on the startup configuration: By default, it is only running if the PLC executes application code that includes a visualization.
Impact
Exploitation of this vulnerability can lead to a denial-of-service (DoS) condition on affected PLCs, disrupting industrial control systems.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| CODESYS Control RTE (SL) 3.5.18.0<3.5.21.40 | CODESYS Control RTE (SL) 3.5.18.0<3.5.21.40 | |
| CODESYS Control RTE (for Beckhoff CX) SL 3.5.18.0<3.5.21.40 | CODESYS Control RTE (for Beckhoff CX) SL 3.5.18.0<3.5.21.40 | |
| CODESYS Control Win (SL) 3.5.18.0<3.5.21.40 | CODESYS Control Win (SL) 3.5.18.0<3.5.21.40 | |
| CODESYS Control for BeagleBone SL 4.5.0.0<4.19.0.0 | CODESYS Control for BeagleBone SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for IOT2000 SL 4.5.0.0<4.19.0.0 | CODESYS Control for IOT2000 SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for Linux ARM SL 4.5.0.0<4.19.0.0 | CODESYS Control for Linux ARM SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for Linux SL 4.5.0.0<4.19.0.0 | CODESYS Control for Linux SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for PFC100 SL 4.5.0.0<4.19.0.0 | CODESYS Control for PFC100 SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for PFC200 SL 4.5.0.0<4.19.0.0 | CODESYS Control for PFC200 SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for PLCnext SL 4.5.0.0<4.19.0.0 | CODESYS Control for PLCnext SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for Raspberry Pi SL 4.5.0.0<4.19.0.0 | CODESYS Control for Raspberry Pi SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for WAGO Touch Panels 600 SL 4.5.0.0<4.19.0.0 | CODESYS Control for WAGO Touch Panels 600 SL 4.5.0.0<4.19.0.0 | |
| CODESYS Control for emPC-A/iMX6 SL 4.5.0.0<4.19.0.0 | CODESYS Control for emPC-A/iMX6 SL 4.5.0.0<4.19.0.0 | |
| CODESYS HMI (SL) 3.5.18.0<3.5.21.40 | CODESYS HMI (SL) 3.5.18.0<3.5.21.40 | |
| CODESYS Remote Target Visu 3.5.18.0<3.5.21.40 | CODESYS Remote Target Visu 3.5.18.0<3.5.21.40 | |
| CODESYS Runtime Toolkit 3.5.18.0<3.5.21.40 | CODESYS Runtime Toolkit 3.5.18.0<3.5.21.40 | |
| CODESYS Virtual Control SL 4.5.0.0<4.19.0.0 | CODESYS Virtual Control SL 4.5.0.0<4.19.0.0 |
Vulnerabilities
Expand / Collapse allAn unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
Remediation
Update the following products to version 3.5.21.40.
* CODESYS Control RTE (SL)
* CODESYS Control RTE (for Beckhoff CX) SL
* CODESYS Control Win (SL)
* CODESYS HMI (SL)
* CODESYS Remote Target Visu
* CODESYS Runtime Toolkit
Update the following products to version 4.19.0.0. The release of this version is expected for Q1 2026.
* CODESYS Control for BeagleBone SL
* CODESYS Control for emPC-A/iMX6 SL
* CODESYS Control for IOT2000 SL
* CODESYS Control for Linux ARM SL
* CODESYS Control for Linux SL
* CODESYS Control for PFC100 SL
* CODESYS Control for PFC200 SL
* CODESYS Control for PLCnext SL
* CODESYS Control for Raspberry Pi SL
* CODESYS Control for WAGO Touch Panels 600 SL
* CODESYS Virtual Control SL
The CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.
Acknowledgments
CODESYS GmbH thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://www.certvde.com )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 12/01/2025 11:00 | Initial revision. |