ADVISORY2025-07_VDE-2025-051
PUBLISHED
CVSS 8.3 HIGH
A vulnerability in the CODESYS Control runtime system allows low-privileged remote attackers to access the PKI folder via the CODESYS protocol, enabling them to read and write certificates and keys. This exposes sensitive cryptographic data and allows unauthorized certificates to be trusted. All services remain available; only certificate-based encryption and signing features are affected. The issue affects systems that use the optional CmpOpenSSL component for cryptographic operations. **Update 1.1.0, 01.09.2025:** Updated remediation category; fixed SL runtimes are now available.
Risk Scores
CVSS 3.1
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CODESYS | CODESYS Control for BeagleBone SL | < 4.17.0.0 |
| CODESYS | CODESYS Control for BeagleBone SL | 4.17.0.0 |
| CODESYS | CODESYS Control for emPC-A/iMX6 SL | < 4.17.0.0 |
| CODESYS | CODESYS Control for emPC-A/iMX6 SL | 4.17.0.0 |
| CODESYS | CODESYS Control for IOT2000 SL | < 4.17.0.0 |
| CODESYS | CODESYS Control for IOT2000 SL | 4.17.0.0 |
| CODESYS | CODESYS Control for Linux ARM SL | < 4.17.0.0 |
| CODESYS | CODESYS Control for Linux ARM SL | 4.17.0.0 |
| CODESYS | CODESYS Control for Linux SL | < 4.17.0.0 |
| CODESYS | CODESYS Control for Linux SL | 4.17.0.0 |
| CODESYS | CODESYS Control RTE (SL) | < 3.5.21.20 |
| CODESYS | CODESYS Control RTE (SL) | 3.5.21.20 |
| CODESYS | CODESYS Control RTE (for Beckhoff CX) SL | < 3.5.21.20 |
| CODESYS | CODESYS Control RTE (for Beckhoff CX) SL | 3.5.21.20 |
| CODESYS | CODESYS Control Win (SL) | < 3.5.21.20 |
| CODESYS | CODESYS Control Win (SL) | 3.5.21.20 |
| CODESYS | CODESYS HMI (SL) | < 3.5.21.20 |
| CODESYS | CODESYS HMI (SL) | 3.5.21.20 |
| CODESYS | CODESYS Runtime Toolkit | < 3.5.21.20 |
| CODESYS | CODESYS Runtime Toolkit | 3.5.21.20 |
Exploit Intelligence
- https://certvde.com/en/advisories/vendor/codesys (circl)
- https://certvde.com/en/advisories/VDE-2025-051/ (circl)
- https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-07_vde-2025-051.json (circl)
- https://www.codesys.com/security/security-reports.html (circl)
- https://codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-07_CDS-93244.pdf (circl)
- data.yaml (github-poc)
Timeline
- Aug 4, 2025 CVE Published
- Sep 1, 2025 CVE Updated
References
- https://certvde.com/en/advisories/vendor/codesys (url)
- https://certvde.com/en/advisories/VDE-2025-051/ (advisory)
- https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2025/advisory2025-07_vde-2025-051.json (advisory)
- https://www.codesys.com/security/security-reports.html (url)
- https://codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2025-07_CDS-93244.pdf (advisory)