VDB

ADVISORY2025-06_VDE-2025-049

ADVISORY2025-06_VDE-2025-049 PUBLISHED CVSS 5.5 MEDIUM

On certain operating systems (e.g., Linux), default file system permissions may allow read access to the files of the CODESYS Control runtime system for non-administrator users. The documentation provided with the CODESYS Runtime Toolkit does not explicitly address this risk. As a result, products based on the toolkit may unintentionally expose sensitive runtime files to local operating system users with limited privileges. CODESYS Control runtime system based devices are affected if they provide access to the operating system (e.g., via a local user interface or SSH) and user accounts without administrator rights for this access exist or can be created.

Risk Scores

CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
CODESYS Control for IOT2000 SL 4.16.0.0
CODESYS Control for Linux SL 4.16.0.0
CODESYS Control for IOT2000 SL < 4.16.0.0
CODESYS Control for emPC-A/iMX6 SL < 4.16.0.0
CODESYS Control for Linux SL < 4.16.0.0
CODESYS Control for Linux ARM SL 4.16.0.0
CODESYS Control for PFC200 SL < 4.16.0.0
CODESYS Control for Linux ARM SL < 4.16.0.0
CODESYS Runtime Toolkit < 3.5.21.20
CODESYS Control for PFC100 SL < 4.16.0.0
CODESYS Control for PLCnext SL < 4.16.0.0
CODESYS Control for BeagleBone SL 4.16.0.0
CODESYS Control for Raspberry Pi SL 4.16.0.0
CODESYS Control for Raspberry Pi SL < 4.16.0.0
CODESYS Control for BeagleBone SL < 4.16.0.0
CODESYS Control for PFC200 SL 4.16.0.0
CODESYS Control for PLCnext SL 4.16.0.0
CODESYS Runtime Toolkit 3.5.21.20
CODESYS Control for emPC-A/iMX6 SL 4.16.0.0
CODESYS Control for PFC100 SL 4.16.0.0

Timeline

  • Aug 4, 2025 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›