Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:18 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
4.21.0.0,3.5.22.0
EUVD ID Assigned
Mar 24, 2026 - 08:00 euvd
EUVD-2026-14784
Analysis Generated
Mar 24, 2026 - 08:00 vuln.today
CVE Published
Mar 24, 2026 - 07:42 nvd
HIGH 7.5

DescriptionCVE.org

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

AnalysisAI

A format string vulnerability exists in the Audit Log component of CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send crafted network packet to Audit Log
Exploit
Inject format string in message
Execution
Trigger memory read/write operations
Impact
Cause denial of service

Vulnerability AssessmentAI

Exploitation Requires CODESYS Control runtime system with Audit Log enabled and accessible over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates this is a network-exploitable vulnerability requiring low attack complexity with no authentication, making it highly accessible to attackers. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker on the network identifies a CODESYS Control runtime system with accessible audit logging functionality, then crafts malicious network requests containing format string specifiers (such as %n, %s, or multiple %x sequences) that are processed by the audit log mechanism. When the CODESYS runtime processes these malicious format strings during log generation, the vulnerability triggers memory corruption or an exception condition that crashes the control runtime, causing a denial-of-service that halts industrial automation processes. …
Remediation Consult the CERT@VDE security advisory VDE-2026-018 at https://certvde.com/de/advisories/VDE-2026-018 for vendor-provided patches and specific version updates that address this format string vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all CODESYS Control installations in your environment using asset inventory and network scanning; notify relevant operations and engineering teams of exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-3509 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy