Search criteria
4 vulnerabilities found for CODESYS Visualization by CODESYS
CVE-2025-2595 (GCVE-0-2025-2595)
Vulnerability from cvelistv5 – Published: 2025-04-23 07:54 – Updated: 2025-04-23 16:27
VLAI?
Title
Forced Browsing Vulnerability in CODESYS Visualization
Summary
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity ?
5.3 (Medium)
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
0.0.0.0 , < 4.8.0.0
(semver)
|
Credits
M. Ankith by Honeywell
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:25:51.380319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:27:02.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "M. Ankith by Honeywell"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T07:54:00.430Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-027"
}
],
"source": {
"advisory": "VDE-2025-027",
"defect": [
"CERT@VDE#641763"
],
"discovery": "UNKNOWN"
},
"title": "Forced Browsing Vulnerability in CODESYS Visualization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-2595",
"datePublished": "2025-04-23T07:54:00.430Z",
"dateReserved": "2025-03-21T09:47:52.440Z",
"dateUpdated": "2025-04-23T16:27:02.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1989 (GCVE-0-2022-1989)
Vulnerability from cvelistv5 – Published: 2022-08-23 09:55 – Updated: 2024-09-16 18:29
VLAI?
Title
CODESYS Visualization vulnerable to user enumeration
Summary
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
V3 , < V4.2.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.2.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T09:55:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Visualization vulnerable to user enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-03T10:00:00.000Z",
"ID": "CVE-2022-1989",
"STATE": "PUBLIC",
"TITLE": "CODESYS Visualization vulnerable to user enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Visualization",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.2.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1989",
"datePublished": "2022-08-23T09:55:29.938259Z",
"dateReserved": "2022-06-03T00:00:00",
"dateUpdated": "2024-09-16T18:29:51.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2595 (GCVE-0-2025-2595)
Vulnerability from nvd – Published: 2025-04-23 07:54 – Updated: 2025-04-23 16:27
VLAI?
Title
Forced Browsing Vulnerability in CODESYS Visualization
Summary
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity ?
5.3 (Medium)
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
0.0.0.0 , < 4.8.0.0
(semver)
|
Credits
M. Ankith by Honeywell
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:25:51.380319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:27:02.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "M. Ankith by Honeywell"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T07:54:00.430Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-027"
}
],
"source": {
"advisory": "VDE-2025-027",
"defect": [
"CERT@VDE#641763"
],
"discovery": "UNKNOWN"
},
"title": "Forced Browsing Vulnerability in CODESYS Visualization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-2595",
"datePublished": "2025-04-23T07:54:00.430Z",
"dateReserved": "2025-03-21T09:47:52.440Z",
"dateUpdated": "2025-04-23T16:27:02.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1989 (GCVE-0-2022-1989)
Vulnerability from nvd – Published: 2022-08-23 09:55 – Updated: 2024-09-16 18:29
VLAI?
Title
CODESYS Visualization vulnerable to user enumeration
Summary
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Visualization |
Affected:
V3 , < V4.2.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Visualization",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.2.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T09:55:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Visualization vulnerable to user enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-03T10:00:00.000Z",
"ID": "CVE-2022-1989",
"STATE": "PUBLIC",
"TITLE": "CODESYS Visualization vulnerable to user enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Visualization",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.2.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1989",
"datePublished": "2022-08-23T09:55:29.938259Z",
"dateReserved": "2022-06-03T00:00:00",
"dateUpdated": "2024-09-16T18:29:51.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}