VYPR

Codesys

by Codesys

CVEs (5)

  • CVE-2025-41659HigAug 4, 2025
    risk 0.54cvss 8.3epss 0.00

    A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only…

  • CVE-2023-5751HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. 

  • CVE-2024-8175HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

  • CVE-2024-5000HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

  • CVE-2025-41658MedAug 4, 2025
    risk 0.36cvss 5.5epss 0.00

    CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.