CVE-2025-41691
HIGH
CODESYS Control RTE (SL) 3.5.21.10-3.5.21.19 - Unauthenticated Denial of Service via NULL Pointer Dereference
Title source: llmDescription
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
References (1)
Core References
Various Sources
https://certvde.com/de/advisories/VDE-2025-070
Scores
CVSS v3
7.5
EPSS
0.0050
EPSS Percentile
38.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (15)
CODESYS/Control for BeagleBone SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for emPC-A/iMX6 SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for IOT2000 SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for Linux ARM SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for Linux SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for PFC100 SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for PFC200 SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for PLCnext SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for Raspberry Pi SL
4.16.0.0 - 4.17.0.0
CODESYS/Control for WAGO Touch Panels 600 SL
4.16.0.0 - 4.17.0.0
... and 5 more
Published
Aug 04, 2025
Tracked Since
Feb 18, 2026