
Severity by source

NVD (primary): 8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD; the only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Updated: Apr 16, 2026, 06:18 (source: EUVD-patch-fix; executive summary)
Re-analysis Queued: Apr 16, 2026, 05:29 (source: backfill_euvd_patch)
Patch available: Apr 16, 2026, 05:29 (source: EUVD); versions 4.21.0.0, 3.5.22.0
EUVD ID Assigned: Mar 24, 2026, 08:00 (source: euvd); EUVD-2025-208957
Analysis Generated: Mar 24, 2026, 08:00 (source: vuln.today)
CVE Published: Mar 24, 2026, 07:41 (source: nvd); HIGH 8.8

Description (CVE.org)

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

Analysis (AI)

A vulnerability in CODESYS Control runtime systems allows a low-privileged remote attacker to replace the boot application, resulting in arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects numerous CODESYS Control variants across multiple platforms including Linux, Windows, embedded systems, and industrial controllers. With a CVSS score of 8.8 and network-accessible attack vector requiring only low privileges, this represents a significant threat to industrial control systems and automation environments.

Technical Context (AI)

CODESYS Control is a widely deployed runtime system for programmable logic controllers (PLCs) and industrial automation devices. This vulnerability is classified as CWE-669 (Incorrect Resource Transfer Between Spheres), indicating improper isolation or validation when handling boot application components. The affected products span the entire CODESYS ecosystem, including Control RTE (Runtime Environment), Control Win, HMI, and the Runtime Toolkit, as well as platform-specific implementations for Beckhoff CX controllers, BeagleBone, Raspberry Pi, WAGO Touch Panels, Linux ARM systems, IOT2000 devices, and PLCnext controllers. The boot application replacement mechanism lacks sufficient authorization checks, so an authenticated user with low privileges can substitute the legitimate boot application with a malicious one that executes during system startup with the privileges of the runtime.

Remediation (AI)

Organizations should immediately consult the CERT@VDE advisory at https://certvde.com/de/advisories/VDE-2026-011 for specific patching guidance and affected version details from CODESYS. Apply vendor-provided security updates as soon as they become available for all affected CODESYS Control runtime installations. Until patches can be deployed, implement compensating controls: restrict network access to CODESYS runtime systems with firewall rules that permit connections only from authorized engineering workstations and management systems; enforce strong authentication, with multi-factor authentication where possible; audit user privilege assignments to ensure least-privilege principles are followed; monitor for unauthorized boot application modifications through file integrity monitoring; and disable remote access capabilities if they are not operationally required. Consider network segmentation to isolate industrial control systems from corporate networks and the internet.


EUVD-2025-208957 vulnerability details – vuln.today
