CODESYS Visualization – Insufficiently Protected Credentials_CVE-2026-0393

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.

Basic Information

ID CVE-2026-0393

Source CERTVDE

Published May 21, 2026 at 10:44

Affected Product

Vendor CODESYS

Product Visualization

Version 1.0.0.0

Affected Versions CODESYS Visualization 1.0.0.0

CWE Classification

CWE-522

References

codesys.csaf-tp.certvde.com /.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json

{
    "lastseen": "",
    "description": "The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.",
    "published": "2026-05-21T10:44:42.517Z",
    "modified": "2026-05-21T10:44:42.517Z",
    "type": "cve",
    "title": "CODESYS Visualization - Insufficiently Protected Credentials",
    "source": "CERTVDE",
    "references": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json",
    "id": "CVE-2026-0393",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "CODESYS Visualization 1.0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Visualization",
    "version": "1.0.0.0",
    "vendor": "CODESYS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}