Codesys Control For Linux Arm Sl

4 CVEs product

CVE-2026-8047 HIGH PATCH This Week

Denial of service in CODESYS Control runtime products and HMI/Toolkit components allows unauthenticated remote attackers to crash affected industrial control systems by sending malformed HTTP requests that trigger a size-limited out-of-bounds write during length parsing. The flaw affects a broad range of CODESYS runtime variants used across PLCs, industrial PCs, and embedded controllers from vendors like Beckhoff, WAGO, and Raspberry Pi-based deployments. No public exploit identified at time of analysis, EPSS is low (0.07%), but the network-reachable, no-privileges-required attack surface makes this operationally significant for OT environments.

Tags: Buffer Overflow, Denial Of Service, Codesys Control Rte Sl, Codesys Control Rte For Beckhoff Cx Sl, Codesys Control Win Sl, +13
Sources: NVD, VulDB
CVSS 4.0: 8.7
EPSS: 0.1%

CVE-2026-8046 HIGH PATCH This Week

Privilege escalation through unauthorized account deletion in CODESYS Control runtime products (versions below 3.5.22.20 / 4.21.0.0) allows authenticated low-privileged remote users to delete other accounts, including administrators. Reported by CERT@VDE under advisory VDE-2026-056, with no public exploit identified at time of analysis and a low EPSS score of 0.10% (26th percentile), suggesting limited near-term exploitation likelihood despite the vendor-confirmed authorization flaw.

Tags: Authentication Bypass, Codesys Control Rte Sl, Codesys Control Rte For Beckhoff Cx Sl, Codesys Control Win Sl, Codesys Hmi Sl, +12
Sources: NVD, VulDB
CVSS 4.0: 7.2
EPSS: 0.1%

CVE-2026-3509 HIGH PATCH This Week

A format string vulnerability exists in the Audit Log component of the CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms, including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). Exploitation can lead to denial-of-service conditions by crashing the runtime system, with a CVSS score of 7.5 indicating high availability impact.

Tags: Information Disclosure, Codesys Control Rte Sl, Codesys Control Rte For Beckhoff Cx Sl, Codesys Control Win Sl, Codesys Runtime Toolkit, +11
Sources: NVD, VulDB
CVSS 3.1: 7.5
EPSS: 0.1%

CVE-2025-41660 HIGH PATCH This Week

A vulnerability in CODESYS Control runtime systems allows a low-privileged remote attacker to replace the boot application, resulting in arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects numerous CODESYS Control variants across multiple platforms including Linux, Windows, embedded systems, and industrial controllers. With a CVSS score of 8.8 and network-accessible attack vector requiring only low privileges, this represents a significant threat to industrial control systems and automation environments.

Tags: RCE, Codesys Control Rte Sl, Codesys Control Rte For Beckhoff Cx Sl, Codesys Control Win Sl, Codesys Hmi Sl, +12
Sources: NVD, VulDB
CVSS 3.1: 8.8
EPSS: 0.2%