CODESYS Toolkit Exposes Sensitive Files via Default Permissions

August 4, 2025 invoker category_cve

CVE Details

Basic Information

Title CODESYS Toolkit Exposes Sensitive Files via Default Permissions
Type cve
Published 2025-08-04T08:03:26.511Z
Modified 2025-08-04T08:03:26.511Z

Product Information

Vendor CODESYS
Product Runtime Toolkit
Version 0.0.0.0

CVSS Information

Base Score 5.5 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Analysis

AI Description CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged users due to default file permissions. This could allow unauthorized access to sensitive data. The vulnerability is rated Medium severity with a CVSS score of 5.5.
AI Severity High
AI Vendor 3S-Smart Software Solutions
AI Product CODESYS Runtime Toolkit
AI Version 0.0.0.0

Affected Products

  • CODESYS Runtime Toolkit 0.0.0.0
  • CODESYS Control for BeagleBone SL 0.0.0.0
  • CODESYS Control for emPC-A/iMX6 SL 0.0.0.0
  • CODESYS Control for IOT2000 SL 0.0.0.0
  • CODESYS Control for Linux ARM SL 0.0.0.0
  • CODESYS Control for Linux SL 0.0.0.0
  • CODESYS Control for PFC100 SL 0.0.0.0
  • CODESYS Control for PFC200 SL 0.0.0.0
  • CODESYS Control for PLCnext SL 0.0.0.0
  • CODESYS Control for Raspberry Pi SL 0.0.0.0
  • CODESYS Control for WAGO Touch Panels 600 SL 0.0.0.0
  • CODESYS Virtual Control SL 0.0.0.0

Additional Information

CWE List CWE-276
Source CERTVDE

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.