VDB

ADVISORY2025-04_VDE-2025-022

ADVISORY2025-04_VDE-2025-022 PUBLISHED CVSS 7.5 HIGH

The OPC UA security policy Basic128Rsa15 is vulnerable against attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is not affected in the default configuration. However, the affected policy may be enabled by a customer configuration.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
CODESYS Runtime Toolkit <3.5.21.0
CODESYS Runtime Toolkit 3.5.21.0

Timeline

  • Mar 18, 2025 CVE Published
  • Jun 5, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›