CODESYS — Vulnerabilities & Security Advisories (94)

Browse all 94 CVE security advisories affecting CODESYS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CODESYS serves as a widely adopted software development environment for industrial automation, enabling the creation of control applications for programmable logic controllers (PLCs). Its extensive use in critical infrastructure has made it a significant target for cyberattacks, resulting in 94 recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, buffer overflows, and privilege escalation flaws, often stemming from insecure default configurations or unpatched legacy components. Notable incidents include the exploitation of the CODESYS Control Win32 service, which allowed attackers to execute arbitrary commands with system-level privileges. These vulnerabilities highlight the risks associated with embedded industrial software, particularly when deployed without rigorous security hardening. The high volume of CVEs underscores the necessity for continuous patch management and secure coding practices within the industrial IoT ecosystem to mitigate potential operational disruptions.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-35225 | Improper timeout handling in CODESYS EtherNetIP — CODESYS EtherNetIP | CWE-754 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-3509 | CODESYS Control Audit Log Format String DoS — CODESYS Control RTE (SL) | CWE-134 | 7.5 | High | 2026-03-24 |
| CVE-2025-41660 | CODESYS Control Boot Application Replacement Enables Code Execution — CODESYS Control RTE (SL) | CWE-669 | 8.8 | High | 2026-03-24 |
| CVE-2026-2364 | CODESYS Installer TOCTOU Privilege Escalation — CODESYS Installer | CWE-367 | 7.3 | High | 2026-03-10 |
| CVE-2025-41700 | CODESYS Development System - Deserialization of Untrusted Data — CODESYS Development System | CWE-502 | 7.8 | High | 2025-12-01 |
| CVE-2025-41738 | CODESYS Control - Invalid type usage in visualization — CODESYS Control RTE (SL) | CWE-843 | 7.5 | High | 2025-12-01 |
| CVE-2025-41739 | CODESYS Control - Linux/QNX SysSocket flaw — CODESYS PLCHandler | CWE-125 | 5.9 | Medium | 2025-12-01 |
| CVE-2025-41691 | CODESYS Control DoS via Unauthenticated NULL Pointer Dereference — Control RTE (SL) | CWE-476 | 7.5 | High | 2025-08-04 |
| CVE-2025-41659 | CODESYS Control PKI Exposure Enables Remote Certificate Access — Control RTE (SL) | CWE-732 | 8.3 | High | 2025-08-04 |
| CVE-2025-41658 | CODESYS Toolkit Exposes Sensitive Files via Default Permissions — Runtime Toolkit | CWE-276 | 5.5 | Medium | 2025-08-04 |
| CVE-2025-2595 | Forced Browsing Vulnerability in CODESYS Visualization — CODESYS Visualization | CWE-425 | 5.3 | Medium | 2025-04-23 |
| CVE-2024-41975 | CODESYS (Edge) Gateway for Windows insecure default — CODESYS Edge Gateway | CWE-1188 | 5.3 | Medium | 2025-03-18 |
| CVE-2025-0694 | CODESYS Control V3 removable media path traversal — CODESYS Control for BeagleBone SL | CWE-22 | 6.6 | Medium | 2025-03-18 |
| CVE-2025-1468 | CODESYS Control V3 - OPC UA Server Authentication bypass — CODESYS Runtime Toolkit | CWE-203 | 7.5 | High | 2025-03-18 |
| CVE-2024-8175 | CODESYS: web server vulnerable to DoS — CODESYS Control for BeagleBone SL | CWE-754 | 7.5 | High | 2024-09-25 |
| CVE-2023-5751 | CODESYS: Development system prone to DoS through exposure of resource to wrong sphere — CODESYS Control Win (SL) | CWE-668 | 7.8 | High | 2024-06-04 |
| CVE-2024-5000 | CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products — CODESYS Control for BeagleBone SL | CWE-131 | 7.5 | High | 2024-06-04 |
| CVE-2023-49676 | CODESYS: Use after free vulnerability through corrupted project files — CODESYS Development System V2.3 | CWE-416 | 5.5 | Medium | 2024-05-06 |
| CVE-2023-49675 | CODESYS: Out-of-bounds write through corrupted project files — CODESYS Development System V2.3 | CWE-787 | 7.8 | High | 2024-05-06 |
| CVE-2023-6357 | OS Command Injection in multiple CODESYS products — CODESYS Control for BeagleBone SL | CWE-78 | 8.8 | High | 2023-12-05 |
| CVE-2022-4046 | CODESYS: Improper memory restrictions for CODESYS Control — CODESYS Control for BeagleBone SL | CWE-119 | 8.8 | High | 2023-08-03 |
| CVE-2023-3669 | CODESYS: Missing Brute-Force protection in CODESYS Development System — CODESYS Development System | CWE-307 | 3.3 | Low | 2023-08-03 |
| CVE-2023-37559 | CODESYS Improper Validation of Consistency within Input in multiple products — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37558 | CODESYS Improper Validation of Consistency within Input in multiple products — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37557 | CODESYS Heap-based Buffer Overflow in multiple products — CODESYS Control for BeagleBone SL | CWE-787 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37556 | CODESYS Improper Input Validation in CmpAppBP — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37555 | CODESYS Improper Input Validation in CmpAppBP — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37554 | CODESYS Improper Input Validation in CmpAppBP — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37553 | CODESYS Improper Input Validation in CmpAppBP — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37552 | CODESYS Improper Input Validation in CmpAppBP — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |

This page lists every published CVE security advisory associated with CODESYS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.