ADVISORY2025-04_VDE-2025-022
PUBLISHED
CVSS 7.5 HIGH
The OPC UA security policy Basic128Rsa15 is vulnerable to attacks on the private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is not affected in the default configuration. However, the affected policy may be enabled by a customer configuration.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CODESYS | CODESYS Runtime Toolkit | <3.5.21.0 |
| CODESYS | CODESYS Runtime Toolkit | 3.5.21.0 |
Timeline
- Mar 18, 2025 CVE Published
- Jun 5, 2025 CVE Updated
References
- https://certvde.com/en/advisories/vendor/codesys (url)
- https://certvde.com/en/advisories/VDE-2025-022/ (advisory)
- https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-04_vde-2025-022.json (advisory)
- https://www.codesys.com/security/security-reports.html (url)
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18837&token=dfb30c01dee1bab88e4cf8e9787f2d2184457454&download= (advisory)