VDE-2025-070
Oct. 14, 2025, 10:00 AM
A vulnerability in the CODESYS Control runtime system's CmpDevice component allows unauthenticated attackers to cause a denial-of-service (DoS) via specially crafted communication requests. The issue is triggered by a NULL …
VDE-2025-027
April 23, 2025, 12:00 PM
An unauthenticated attacker can read static visualization files of the CODESYS WebVisu, by bypassing the CODESYS Visualization user management applying forced browsing.
VDE-2025-022
June 5, 2025, 3:31 PM
The OPC UA security policy Basic128Rsa15 is vulnerable against attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is …
VDE-2025-013
June 5, 2025, 3:31 PM
The CODESYS Gateway enables communication between CODESYS runtimes and other clients, primarily the CODESYS Development System V3. It is usually installed as a part of the CODESYS Development System V3 …
VDE-2025-015
June 5, 2025, 3:31 PM
A low privileged attacker with physical access to a controller, that supports removable media and is running a CODESYS Control runtime system, can exploit the insufficient path validation by connecting …
VDE-2025-001
June 5, 2025, 3:31 PM
The CODESYS Key USB dongle, which is based on WIBU CodeMeter technology, is affected by a physical side-channel vulnerability.
VDE-2024-057
April 3, 2025, 12:00 PM
The CODESYS web server component of the CODESYS Control runtime system is used by the CODESYS WebVisu to display visualization screens in a web browser. Receiving a specifically crafted TLS …
VDE-2024-046
Sept. 10, 2024, 4:00 PM
The OSCAT Basic library is one of several libraries developed and provided by OSCAT. OSCAT (oscat.de) stands for "Open Source Community for Automation Technology". The OSCAT Basic library offers function …