CODESYS Control DoS via Unauthenticated NULL Pointer Dereference_CVE-2025-41691

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Basic Information

ID CVE-2025-41691

Source CERTVDE

Published Aug 4, 2025 at 08:04

Modified Aug 4, 2025 at 16:32

Affected Product

Vendor CODESYS

Product Control RTE (SL)

Version 3.5.21.10

Affected Versions CODESYS Control RTE (SL) 3.5.21.10
CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.10
CODESYS Control Win (SL) 3.5.21.10
CODESYS HMI (SL) 3.5.21.10
CODESYS Control for BeagleBone SL 4.16.0.0
CODESYS Control for emPC-A/iMX6 SL 4.16.0.0
CODESYS Control for IOT2000 SL 4.16.0.0
CODESYS Control for Linux ARM SL 4.16.0.0
CODESYS Control for Linux SL 4.16.0.0
CODESYS Control for PFC100 SL 4.16.0.0
CODESYS Control for PFC200 SL 4.16.0.0
CODESYS Control for PLCnext SL 4.16.0.0
CODESYS Control for Raspberry Pi SL 4.16.0.0
CODESYS Control for WAGO Touch Panels 600 SL 4.16.0.0
CODESYS Virtual Control SL 4.16.0.0

CWE Classification

CWE-476

References

certvde.com /de/advisories/VDE-2025-070

{
    "lastseen": "",
    "description": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.",
    "published": "2025-08-04T08:04:34.981Z",
    "modified": "2025-08-04T16:32:30.773Z",
    "type": "cve",
    "title": "CODESYS Control DoS via Unauthenticated NULL Pointer Dereference",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-070",
    "id": "CVE-2025-41691",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "CODESYS Control RTE (SL) 3.5.21.10\nCODESYS Control RTE (for Beckhoff CX) SL 3.5.21.10\nCODESYS Control Win (SL) 3.5.21.10\nCODESYS HMI (SL) 3.5.21.10\nCODESYS Control for BeagleBone SL 4.16.0.0\nCODESYS Control for emPC-A/iMX6 SL 4.16.0.0\nCODESYS Control for IOT2000 SL 4.16.0.0\nCODESYS Control for Linux ARM SL 4.16.0.0\nCODESYS Control for Linux SL 4.16.0.0\nCODESYS Control for PFC100 SL 4.16.0.0\nCODESYS Control for PFC200 SL 4.16.0.0\nCODESYS Control for PLCnext SL 4.16.0.0\nCODESYS Control for Raspberry Pi SL 4.16.0.0\nCODESYS Control for WAGO Touch Panels 600 SL 4.16.0.0\nCODESYS Virtual Control SL 4.16.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Control RTE (SL)",
    "version": "3.5.21.10",
    "vendor": "CODESYS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}