Browse all 94 CVE security advisories affecting CODESYS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CODESYS serves as a widely adopted software development environment for industrial automation, enabling the creation of control applications for programmable logic controllers (PLCs). Its extensive use in critical infrastructure has made it a significant target for cyberattacks, resulting in 94 recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, buffer overflows, and privilege escalation flaws, often stemming from insecure default configurations or unpatched legacy components. Notable incidents include the exploitation of the CODESYS Control Win32 service, which allowed attackers to execute arbitrary commands with system-level privileges. These vulnerabilities highlight the risks associated with embedded industrial software, particularly when deployed without rigorous security hardening. The high volume of CVEs underscores the necessity for continuous patch management and secure coding practices within the industrial IoT ecosystem to mitigate potential operational disruptions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2595 | Forced Browsing Vulnerability in CODESYS Visualization — CODESYS VisualizationCWE-425 | 5.3 | Medium | 2025-04-23 |
| CVE-2022-1989 | CODESYS Visualization vulnerable to user enumeration — CODESYS VisualizationCWE-204 | 5.3 | Medium | 2022-08-23 |
This page lists every published CVE security advisory associated with CODESYS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.