VDE-2024-026
May 14, 2025, 3:00 PM
The CODESYS OPC UA stack of the CODESYS Control runtime system may incorrectly calculate the required buffer size for received requests/responses. This can lead to a crash of the CODESYS …
VDE-2024-027
May 14, 2025, 3:00 PM
All legitimate local Microsoft Windows users can read or modify files that are located in the working directory of the affected CODESYS products, even if they are executed under a …
VDE-2024-024
May 14, 2025, 3:00 PM
Local attackers can cause affected CODESYS Development System V2.3 installations to crash or execute code by opening malicious project files. The CODESYS Development System V2.3 is an IEC 61131-3 programming …
VDE-2023-066
Dec. 5, 2023, 3:25 PM
UPDATE 29.02.2024: Removed "This version is planned for January 2024." from Solution as the updated version is released.On CODESYS Control runtimes running on Linux or QNX operating systems, successfully authenticated …
VDE-2023-035
Dec. 5, 2023, 8:00 AM
Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.
VDE-2023-025
Aug. 3, 2023, 1:18 PM
The CODESYS Control V3 runtime system does not restrict the memory accesses of the PLC application code to the PLC application data and does not sufficiently check the integrity of …
VDE-2023-023
Aug. 3, 2023, 1:08 PM
The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.
VDE-2023-022
Aug. 3, 2023, 12:52 PM
The Notification Center of the CODESYS Development System receives messages without ensuring that the message was not modified during transmission. This finally enables MITMs code execution when the user clicks …