CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...

EUVD-2026-14784

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...

CODESYS Control runtime system 安全漏洞

CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a security vulnerability in CODESYS Control runtime system. This vulnerability arises from the...

PT-2026-27350

Name of the Vulnerable Software and Affected Versions CODESYS Control Runtime System affected versions not specified Description A remote attacker with limited privileges may be able to replace the boot application of the CODESYS Control runtime system. Successful exploitation could lead to...

CODESYS Control runtime system 格式化字符串错误漏洞

CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a vulnerability in the CODESYS Control runtime system related to formatted string errors. This...

CVE-2021-33485

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow...

CVE-2025-41739

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...

CVE-2025-41738

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service DoS condition...

CVE-2025-41739

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...

EUVD-2025-199975

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service DoS condition...

PT-2025-48434

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...

EUVD-2021-15881

Malware in sbrugna...

EUVD-2021-20188

Malware in sbrugna...

EUVD-2022-27661

Malicious code in bioql PyPI...

CVE-2025-41691

CVE-2025-41691 affects CODESYS Control runtime systems, with the specific vulnerability described in PT-2025-31800 as an unauthenticated remote attacker triggering a NULL pointer dereference in CODESYS Control runtime systems via specially crafted communication requests, potentially leading to a ...

CVE-2023-37551 CODESYS Files or Directories Accessible to External Parties in CmpApp

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfe...

CVE-2022-22515

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration files of the affected products...

CVE-2022-22515

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration files of the affected products...