VDB

ADVISORY2025-05_VDE-2025-027

ADVISORY2025-05_VDE-2025-027 PUBLISHED CVSS 5.3 MEDIUM

An unauthenticated attacker can read static visualization files of the CODESYS WebVisu by using forced browsing to bypass the CODESYS Visualization user management.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

| Vendor / Product | Versions |
|---|---|
| CODESYS Remote Target Visu Toolkit | 3.5.21.0 |
| CODESYS Control RTE (SL) | <3.5.21.0 |
| CODESYS HMI (SL) | <3.5.21.0 |
| CODESYS Control RTE (SL) | 3.5.21.0 |
| CODESYS Virtual Control SL | 4.15.0.0 |
| CODESYS Embedded Target Visu Toolkit | 3.5.21.0 |
| CODESYS Embedded Target Visu Toolkit | <3.5.21.0 |
| CODESYS Control for BeagleBone SL | <4.15.0.0 |
| CODESYS HMI (SL) | 3.5.21.0 |
| CODESYS Control RTE (for Beckhoff CX) SL | <3.5.21.0 |
| CODESYS Remote Target Visu Toolkit | <3.5.21.0 |
| CODESYS Control RTE (for Beckhoff CX) SL | 3.5.21.0 |
| CODESYS Visualization | <4.8.0.0 |
| CODESYS Runtime Toolkit | <3.5.21.0 |
| CODESYS Visualization | 4.8.0.0 |
| CODESYS Runtime Toolkit | 3.5.21.0 |
| CODESYS Control Win (SL) | 3.5.21.0 |
| CODESYS Control Win (SL) | <3.5.21.0 |
| CODESYS Virtual Control SL | <4.15.0.0 |
| CODESYS Control for BeagleBone SL | 4.15.0.0 |

Timeline

  • Apr 23, 2025 CVE Published