Codesys
by Codesys
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-41659 | Hig | 0.54 | 8.3 | 0.00 | Aug 4, 2025 | A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only… | ||
| CVE-2023-5751 | Hig | 0.51 | 7.8 | 0.00 | Jun 4, 2024 | A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. | ||
| CVE-2024-8175 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2024 | An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. | ||
| CVE-2024-5000 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2024 | An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. | ||
| CVE-2025-41658 | Med | 0.36 | 5.5 | 0.00 | Aug 4, 2025 | CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. |
- risk 0.54cvss 8.3epss 0.00
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only…
- risk 0.51cvss 7.8epss 0.00
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.
- risk 0.49cvss 7.5epss 0.01
An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
- risk 0.49cvss 7.5epss 0.01
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
- risk 0.36cvss 5.5epss 0.00
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.