VDB
ADVISORY2025-05_VDE-2025-027
ADVISORY2025-05_VDE-2025-027
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An unauthenticated attacker can read static visualization files of the CODESYS WebVisu, by bypassing the CODESYS Visualization user management applying forced browsing.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CODESYS Remote Target Visu Toolkit 3.5.21.0 | ||
| CODESYS Control RTE (SL) <3.5.21.0 | ||
| CODESYS HMI (SL) <3.5.21.0 | ||
| CODESYS Control RTE (SL) 3.5.21.0 | ||
| CODESYS Virtual Control SL 4.15.0.0 | ||
| CODESYS Embedded Target Visu Toolkit 3.5.21.0 | ||
| CODESYS Embedded Target Visu Toolkit <3.5.21.0 | ||
| CODESYS Control for BeagleBone SL <4.15.0.0 | ||
| CODESYS HMI (SL) 3.5.21.0 | ||
| CODESYS Control RTE (for Beckhoff CX) SL <3.5.21.0 | ||
| CODESYS Remote Target Visu Toolkit <3.5.21.0 | ||
| CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.0 | ||
| CODESYS Visualization <4.8.0.0 | ||
| CODESYS Runtime Toolkit <3.5.21.0 | ||
| CODESYS Visualization 4.8.0.0 | ||
| CODESYS Runtime Toolkit 3.5.21.0 | ||
| CODESYS Control Win (SL) 3.5.21.0 | ||
| CODESYS Control Win (SL) <3.5.21.0 | ||
| CODESYS Virtual Control SL <4.15.0.0 | ||
| CODESYS Control for BeagleBone SL 4.15.0.0 |
Exploit Intelligence
- https://certvde.com/en/advisories/vendor/codesys (circl)
- https://certvde.com/en/advisories/VDE-2025-027/ (circl)
- https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-05_vde-2025-027.json (circl)
- https://www.codesys.com/security/security-reports.html (circl)
- https://codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-05_VIS-5003.pdf (circl)
Timeline
- Apr 23, 2025 CVE Published
References
- https://certvde.com/en/advisories/vendor/codesys url
- https://certvde.com/en/advisories/VDE-2025-027/ advisory
- https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-05_vde-2025-027.json advisory
- https://www.codesys.com/security/security-reports.html url
- https://codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-05_VIS-5003.pdf advisory