CODESYS Control NULL Pointer Dereference DoS Vulnerability (CVE-2025-4181)

Critical Vulnerability Information Vulnerability ID VDE-2025-070 Release and Update Dates Release Date: 2025-08-04 12:30 (CEST) Last Updated: 2025-08-01 14:13 (CEST) Affected Products and Versions CODESYS Control for BeagleBone SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for omPC A/WMX6 SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for IOT2040 SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for Linux ARM SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for Linux SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for PPC100 SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for PPC200 SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for PLCnext SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for Raspberry Pi SL: 4.16.0.0 < 4.17.0.0 CODESYS Control for WAGO Touch Panels 600 SL: 4.16.0.0 < 4.17.0.0 CODESYS Control RTE (for Beckhoff CX) SL: 3.5.21.10 < 3.5.21.20 CODESYS Control RTE (SL): 3.5.21.10 < 3.5.21.20 CODESYS Control Win (SL): 3.5.21.10 < 3.5.21.20 CODESYS HMI (SL): 3.5.21.10 < 3.5.21.20 CODESYS Virtual Control SL: 4.16.0.0 < 4.17.0.0 Vulnerability Description A vulnerability exists in the CmpDevice component of the CODESYS Control runtime system, allowing unauthorized attackers to trigger a denial-of-service (DoS) condition via carefully crafted communication requests. The issue is triggered by a NULL pointer dereference and affects systems attempting to log in using outdated CODESYS clients. CVE ID CVE-2025-4181 Severity 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) Weakness Type NULL Pointer Dereference (CWE-476) Impact Exploitation of this vulnerability may lead to a denial-of-service (DoS) condition on affected PLCs, disrupting industrial control systems. Solution Update the following products to version 3.5.21.20: - CODESYS Control RTE (SL) - CODESYS Control RTE (for Beckhoff CX) SL - CODESYS Control Win (SL) - CODESYS Runtime Toolkit Update the following products to version 4.17.0.0: - CODESYS Control for BeagleBone SL - CODESYS Control for omPC A/WMX6 SL - CODESYS Control for IOT2040 SL - CODESYS Control for Linux ARM SL - CODESYS Control for Linux SL - CODESYS Control for PPC100 SL - CODESYS Control for PPC200 SL - CODESYS Control for PLCnext SL - CODESYS Control for Raspberry Pi SL - CODESYS Control for WAGO Touch Panels 600 SL - CODESYS Virtual Control SL Reporter CERT@VDE in coordination with CODESYS GmbH

Goal Reached Thanks to every supporter — we hit 100%!

CODESYS Control NULL Pointer Dereference DoS Vulnerability (CVE-2025-4181)