CODESYS EtherNet/IP Improper Timeout Handling DoS (CVE-2026-35225)

Vulnerability Overview Vulnerability Name: Improper timeout handling in CODESYS EtherNet/IP CVE ID: CVE-2026-35225 CVSS Score: 7.5 (HIGH) Description: CODESYS EtherNet/IP is an add-on that provides a fully integrated EtherNet/IP protocol stack for the CODESYS development system. This vulnerability allows unauthenticated remote attackers to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, thereby preventing legitimate clients from establishing new connections. Affected Scope Affected Products: - CODESYS EtherNet/IP < 4.9.0.8 - CODESYS EtherNet/IP 4.9.0.8 Remediation Fixed Version: Update to CODESYS EtherNet/IP 4.9.0.8 or later. Additional Recommendations: - Use controllers and protected devices only in trusted environments to minimize network exposure, and ensure they are not accessible externally. - Protect and control the system’s network with firewalls, activate and enforce user management and password policies from external networks. - Restrict physical access to development and control systems. - If remote access is required, use encrypted communication links such as VPN. - Protect machines and plants against viruses and malware by regularly updating virus detection solutions. Additional Information Release Date: 2026-04-23T12:00:00.000Z Last Updated: 2026-04-23T12:24:47.32Z Reference Links: - CERTDE Security Advisories - CODESYS Security Advisories - CVSS Calculator Code Block No POC code or exploit code.

Goal Reached Thanks to every supporter — we hit 100%!

CODESYS EtherNet/IP Improper Timeout Handling DoS (CVE-2026-35225)