Advisories

Show filters filter

Manufacturer

Scoring

For CVSS 2.0, 3.0 and 3.2

No CVE available

0.1 - 3.9

4 - 6.9

7 - 8.9

9 - 10

VDE-2026-057

May 26, 2026, 12:00 PM

CODESYS Control - Out-of-bounds Write

The CmpWebServer component in the CODESYS Control Runtime allows users to create browser-based visualizations for monitoring and controlling industrial processes. Due to improper bounds checking, a specially crafted HTTP request …

CVE-2026-8047

VDE-2026-055

May 26, 2026, 12:00 PM

CODESYS Development System - Incorrect Default Permissions

Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. …

CVE-2026-44469

CVE-2026-44468

VDE-2026-052

May 21, 2026, 12:00 PM

CODESYS Visualization - Insufficiently Protected Credentials

A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations …

CVE-2026-0393

VDE-2026-042

May 12, 2026, 9:00 AM

CODESYS Modbus TCP Server - Improper resource management

CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server …

CVE-2026-35227

VDE-2026-040

April 23, 2026, 2:00 PM

CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack …

CVE-2026-35225

VDE-2026-018

March 24, 2026, 9:00 AM

CODESYS Control V3 - Externally-controlled format string in Auditlog

The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing logic, the impact is …

CVE-2026-3509

VDE-2026-011

March 24, 2026, 9:00 AM

CODESYS Control V3 - Untrusted boot application

The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on …

CVE-2025-41660

VDE-2026-012

March 10, 2026, 11:00 AM

CODESYS Installer - Possible Privilege Escalation

The CODESYS Installer is affected by a privilege escalation vulnerability. Due to a race condition, a local attacker with limited privileges can replace the verified downloaded setup before execution. Because …

CVE-2026-2364