13 matches found

CVE
added 2025/12/01 10:2 a.m. | 7 views

CVE-2025-41700

The CVE-2025-41700 entry concerns CODESYS Development System. The connected sources describe a vulnerability where an unauthenticated attacker can cause arbitrary code execution by tricking a local user into opening a specially crafted CODESYS project file, with code executed in the user’s contex...

CVSS 7.8 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/12/01 10:2 a.m. | 2 views

CVE-2025-41700 CODESYS Development System - Deserialization of Untrusted Data

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...

CVSS 7.8 | AI score 6.8 | EPSS 0.00043
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-27233

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00071
Exploits: 0 | References: 1
NVD
added 2025/09/09 9:15 a.m. | 2 views

CVE-2025-41701

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...

CVSS 7.8 | EPSS 0.00071
Exploits: 0 | References: 1
Cvelist
added 2025/09/09 8:57 a.m. | 4 views

CVE-2025-41701 Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...

CVSS 7.8 | EPSS 0.00071
Exploits: 0 | References: 1
CVE
added 2025/09/09 8:57 a.m. | 10 views

CVE-2025-41701

Beckhoff TwinCAT 3 Engineering contains a vulnerability (CVE-2025-41701) where deserialization of untrusted data can be triggered by a manipulated project file, allowing an unauthenticated local attacker to execute arbitrary commands in the user’s context. The available connected sources confirm ...

CVSS 7.8 | AI score 6.6 | EPSS 0.00071
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/09 12:0 a.m. | 3 views

PT-2025-36688

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified.
Description: An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected...

CVSS 7.8 | AI score 6.3 | EPSS 0.00071
Exploits: 0 | References: 4
Prion
added 2021/11/04 10:15 a.m. | 9 views

Input validation

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory...

CVSS 6.8 | AI score 7.5 | EPSS 0.0016
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2021/01/21 12:0 a.m. | 1 views

M&M Fdtcontainer Code Issue Vulnerability

M&M Fdtcontainer is a plug-and-play FDT framework application that can be customized to meet the needs of customers by China Meiming M&M. A code issue vulnerability exists in M&M fdtCONTAINER component Version 3, which can be exploited by an attacker to load a manipulated project file and malicio...

CVSS 7.8 | AI score 7.2 | EPSS 0.00106
Exploits: 0 | References: 6
Prion
added 2019/10/31 10:15 p.m. | 11 views

Out-of-bounds

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+...

CVSS 6.8 | AI score 7.8 | EPSS 0.07002
Exploits: 0 | References: 4 | Affected Software: 3
NVD
added 2019/06/24 4:15 p.m. | 14 views

CVE-2019-12869

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...

CVSS 8.8 | AI score 8.9 | EPSS 0.01728
Exploits: 0 | References: 2
Cvelist
added 2019/06/24 3:20 p.m. | 19 views

CVE-2019-12870

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Confi...

AI score 8.9 | EPSS 0.01728
Exploits: 0 | References: 2
Cvelist
added 2019/06/24 2:57 p.m. | 15 views

CVE-2019-12871

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...

AI score 8.8 | EPSS 0.02021
Exploits: 0 | References: 2