CVE 8.7 HIGH

Improper timeout handling in CODESYS EtherNetIP_CVE-2026-35225

April 23, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

AI Analysis

Improper timeout handling in CODESYS EtherNetIP allows an unauthenticated remote attacker to exhaust TCP connections, preventing new connections.

Basic Information

ID CVE-2026-35225

Source CERTVDE

Published Apr 23, 2026 at 13:54

Affected Product

Vendor CODESYS

Product CODESYS EtherNetIP

Version 1.0.0.0

Affected Versions CODESYS CODESYS EtherNetIP 1.0.0.0

CWE Classification

CWE-754

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor 3S-Smart Software Solutions GmbH

Product CODESYS EtherNetIP

Version 1.0.0.0

References

{
    "lastseen": "",
    "description": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.",
    "published": "2026-04-23T13:54:51.863Z",
    "modified": "2026-04-23T13:54:51.863Z",
    "type": "cve",
    "title": "Improper timeout handling in CODESYS EtherNetIP",
    "source": "CERTVDE",
    "references": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json\nhttps://www.certvde.com/en/advisories/VDE-2026-040/",
    "id": "CVE-2026-35225",
    "bulletinFamily": "",
    "cwe": [
        "CWE-754"
    ],
    "cvelist": null,
    "sourceData": "CODESYS CODESYS EtherNetIP 1.0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CODESYS EtherNetIP",
    "version": "1.0.0.0",
    "vendor": "CODESYS",
    "ai_description": "Improper timeout handling in CODESYS EtherNetIP allows an unauthenticated remote attacker to exhaust TCP connections, preventing new connections.",
    "ai_severity": "High",
    "ai_vendor": "3S-Smart Software Solutions GmbH",
    "ai_product": "CODESYS EtherNetIP",
    "ai_version": "1.0.0.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply