Vulnerabilites related to CODESYS - Control for emPC-A/iMX6 SL
var-202204-0725
Vulnerability from variot
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0725",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"cve": "CVE-2022-22514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2022-22514",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-411083",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22514",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22514",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22514",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2621",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411083",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22514",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22514",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411083",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22514",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"id": "VAR-202204-0725",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:10:48.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189800"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-822",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "unreliable pointer dereference (CWE-822) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22514"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22514/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/822.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411083"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"date": "2022-04-07T19:15:08.133000",
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411083"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"date": "2022-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"date": "2024-11-21T06:46:56.033000",
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product Untrusted Pointer Dereference Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
],
"trust": 0.6
}
}
var-202204-1265
Vulnerability from variot
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"cve": "CVE-2022-22517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22517",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-411086",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22517",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22517",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411086",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22517",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22517",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411086",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22517",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"id": "VAR-202204-1265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:47:27.660000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Fixing measures for security feature vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189797"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-334",
"trust": 1.0
},
{
"problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22517"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22517/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17091\u0026amp;token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411086"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"date": "2022-04-07T19:15:08.300000",
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-411086"
},
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"date": "2024-11-21T06:46:56.430000",
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Insufficient Random Value Usage Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
],
"trust": 0.6
}
}
var-202204-1264
Vulnerability from variot
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"cve": "CVE-2022-22513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2022-22513",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-411082",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22513",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22513",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2623",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-411082",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-22513",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22513",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411082",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22513",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"id": "VAR-202204-1264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:10:54.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189579"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22513"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22513/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411082"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"date": "2023-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"date": "2022-04-07T19:15:08.073000",
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411082"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"date": "2023-07-21T08:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"date": "2024-11-21T06:46:55.900000",
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
],
"trust": 0.6
}
}
CVE-2025-41691 (GCVE-0-2025-41691)
Vulnerability from cvelistv5
Published
2025-08-04 08:04
Modified
2025-08-04 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | Control RTE (SL) |
Version: 3.5.21.10 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T16:28:09.392670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:32:30.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "3.5.21.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "4.16.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T08:04:34.981Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-070"
}
],
"source": {
"advisory": "VDE-2025-070",
"defect": [
"CERT@VDE#641834"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41691",
"datePublished": "2025-08-04T08:04:34.981Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-08-04T16:32:30.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41659 (GCVE-0-2025-41659)
Vulnerability from cvelistv5
Published
2025-08-04 08:04
Modified
2025-08-04 16:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | Control RTE (SL) |
Version: 0.0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T16:34:47.316036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:35:32.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.17.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luca Borzacchiello from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.\u003cbr\u003e"
}
],
"value": "A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T08:04:04.597Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-051"
}
],
"source": {
"advisory": "VDE-2025-051",
"defect": [
"CERT@VDE#641801"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Control PKI Exposure Enables Remote Certificate Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41659",
"datePublished": "2025-08-04T08:04:04.597Z",
"dateReserved": "2025-04-16T11:17:48.307Z",
"dateUpdated": "2025-08-04T16:35:32.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4224 (GCVE-0-2022-4224)
Vulnerability from cvelistv5
Published
2023-03-23 11:15
Modified
2024-08-03 01:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Summary
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | Control RTE (SL) |
Version: 3.0.0.0 < 3.5.19.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control RTE (SL) ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Runtime Toolkit ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Safety SIL2 Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Safety SIL2 PSP",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI (SL) ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.19.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for BeagleBone SL ",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.8.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
}
],
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T10:47:13.144Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#64318"
],
"discovery": "EXTERNAL"
},
"title": "CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4224",
"datePublished": "2023-03-23T11:15:37.014Z",
"dateReserved": "2022-11-30T06:54:13.183Z",
"dateUpdated": "2024-08-03T01:34:49.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41658 (GCVE-0-2025-41658)
Vulnerability from cvelistv5
Published
2025-08-04 08:03
Modified
2025-08-04 11:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | Runtime Toolkit |
Version: 0.0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T11:52:31.347383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T11:52:37.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.20",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.16.0.0",
"status": "affected",
"version": "0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luca Borzacchiello from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.\u003cbr\u003e"
}
],
"value": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T08:03:26.511Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-049"
}
],
"source": {
"advisory": "VDE-2025-049",
"defect": [
"CERT@VDE#641799"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41658",
"datePublished": "2025-08-04T08:03:26.511Z",
"dateReserved": "2025-04-16T11:17:48.306Z",
"dateUpdated": "2025-08-04T11:52:37.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}