CVE-2024-41975
MEDIUMCODESYS Edge Gateway < 3.5.21.0 - Unauthenticated Information Disclosure
Title source: llmDescription
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
References (1)
Core 1
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2025-013
Scores
CVSS v3
5.3
EPSS
0.0039
EPSS Percentile
30.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1188
Status
published
Products (2)
CODESYS/CODESYS Edge Gateway
< 3.5.21.0
CODESYS/CODESYS Gateway for Windows
< 3.5.21.0
Published
Mar 18, 2025
Tracked Since
Feb 18, 2026