HIGH🇬🇧 English

CVE-2025-41738

CVSS 7.5v3.1pub. 2025-12-01upd. 2026-02-23

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Codesys Control For Beaglebone Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Empc A\/imx6 Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0
  • Codesys Control For Iot2000 Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Linux Arm Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Linux Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Pfc100 Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0
  • Codesys Control For Pfc200 Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Plcnext Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Raspberry Pi Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
  • Codesys Control For Wago Touch Panels 600 Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0
  • Codesys Control Rte Sl

    APP
    Codesys
    3.5.18.0 – 3.5.21.40 (bez)
  • Codesys Control Rte Sl \(for Beckhoff Cx\)

    APP
    Codesys
    3.5.18.0 – 3.5.21.40 (bez)
  • Codesys Control Win Sl

    APP
    Codesys
    3.5.18.0 – 3.5.21.40 (bez)
  • Codesys Hmi Sl

    APP
    Codesys
    3.5.18.0 – 3.5.21.40 (bez)
  • Codesys Remote Target Visu

    APP
    Codesys
    3.5.18.0 – 3.5.21.40 (bez)
  • Codesys Runtime Toolkit

    APP
    Codesys
    3.5.18.0 – 3.5.21.40 (bez)
  • Codesys Virtual Control Sl

    APP
    Codesys
    4.5.0.0 – 4.19.0.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31806CRITICAL9.8ten sam produkt

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enable...

CVE-2021-33485CRITICAL9.8ten sam produkt

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVE-2019-9010CRITICAL9.8ten sam produkt

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...

CVE-2018-10612CRITICAL9.8ten sam produkt

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access managem...

CVE-2023-6357HIGH8.8ten sam produkt

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via fil...