VDE-2025-099
Dec. 1, 2025, 12:00 PM
A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by …
VDE-2025-100
Dec. 1, 2025, 11:00 AM
A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The …
VDE-2025-101
Dec. 1, 2025, 11:00 AM
A vulnerability has been discovered in the print engine of the CODESYS development system. If a CODESYS project file or archive file was crafted in a specific way, the CODESYS …
VDE-2025-051
Sept. 1, 2025, 12:00 PM
A vulnerability in the CODESYS Control runtime system allows low-privileged remote attackers to access the PKI folder via CODESYS protocol, enabling them to read and write certificates and keys. This …
VDE-2025-049
Aug. 4, 2025, 12:00 PM
On certain operating systems (e.g., Linux), default file system permissions may allow read access to the files of the CODESYS Control runtime system for non-administrator users. The documentation provided with …
VDE-2025-070
Oct. 14, 2025, 10:00 AM
A vulnerability in the CODESYS Control runtime system's CmpDevice component allows unauthenticated attackers to cause a denial-of-service (DoS) via specially crafted communication requests. The issue is triggered by a NULL …
VDE-2025-027
April 23, 2025, 12:00 PM
An unauthenticated attacker can read static visualization files of the CODESYS WebVisu, by bypassing the CODESYS Visualization user management applying forced browsing.
VDE-2025-022
June 5, 2025, 3:31 PM
The OPC UA security policy Basic128Rsa15 is vulnerable against attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is …