CVE Details
Basic Information
| Title | CODESYS Control DoS via Unauthenticated NULL Pointer Dereference |
|---|---|
| Type | cve |
| Published | 2025-08-04T08:04:34.981Z |
| Modified | 2025-08-04T08:04:34.981Z |
Product Information
| Vendor | CODESYS |
|---|---|
| Product | Control RTE (SL) |
| Version | 3.5.21.10 |
CVSS Information
| Base Score | 7.5 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Affected Products
- CODESYS Control RTE (SL) 3.5.21.10
- CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.10
- CODESYS Control Win (SL) 3.5.21.10
- CODESYS HMI (SL) 3.5.21.10
- CODESYS Control for BeagleBone SL 4.16.0.0
- CODESYS Control for emPC-A/iMX6 SL 4.16.0.0
- CODESYS Control for IOT2000 SL 4.16.0.0
- CODESYS Control for Linux ARM SL 4.16.0.0
- CODESYS Control for Linux SL 4.16.0.0
- CODESYS Control for PFC100 SL 4.16.0.0
- CODESYS Control for PFC200 SL 4.16.0.0
- CODESYS Control for PLCnext SL 4.16.0.0
- CODESYS Control for Raspberry Pi SL 4.16.0.0
- CODESYS Control for WAGO Touch Panels 600 SL 4.16.0.0
- CODESYS Virtual Control SL 4.16.0.0
Additional Information
| CWE List | CWE-476 |
|---|---|
| Source | CERTVDE |
Description
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.