CVE-2025-41659

HIGH

CODESYS Control - Info Disclosure

Title source: llm

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

References (1)

[Various Sources] https://certvde.com/de/advisories/VDE-2025-051

Scores

CVSS v3 8.3

EPSS 0.0005

EPSS Percentile 16.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (16)

CODESYS/Control for BeagleBone SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for emPC-A/iMX6 SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for IOT2000 SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for Linux ARM SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for Linux SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for PFC100 SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for PFC200 SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for PLCnext SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for Raspberry Pi SL 0.0.0.0 - 4.17.0.0

CODESYS/Control for WAGO Touch Panels 600 SL 0.0.0.0 - 4.17.0.0

... and 6 more

Published Aug 04, 2025

Tracked Since Feb 18, 2026