VDB

ADVISORY2025-08_VDE-2025-070

ADVISORY2025-08_VDE-2025-070 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the CODESYS Control runtime system's CmpDevice component allows unauthenticated attackers to cause a denial-of-service (DoS) via specially crafted communication requests. The issue is triggered by a NULL pointer dereference and also affects systems when outdated CODESYS clients attempt to log in. Only PLCs based on the CODESYS Runtime Toolkit containing the components CmpDevice, CmpAuditLog, and CmpSessionInformation are impacted. **Update 1.1.0, 01.09.2025:** Updated remediation category - fixed SL runtimes are now available.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.10 < 3.5.21.20
CODESYS Runtime Toolkit 3.5.21.10 < 3.5.21.20
CODESYS Control for Linux ARM SL 4.16.0.0 < 4.17.0.0
CODESYS Control for BeagleBone SL 4.16.0.0 < 4.17.0.0
CODESYS Control RTE (SL) 3.5.21.20
CODESYS Control for emPC-A/iMX6 SL 4.17.0.0
CODESYS Control for IOT2000 SL 4.16.0.0 < 4.17.0.0
CODESYS HMI (SL) 3.5.21.20
CODESYS Control for IOT2000 SL 4.17.0.0
CODESYS Control RTE (for Beckhoff CX) SL 3.5.21.20
CODESYS Control for Linux SL 4.16.0.0 < 4.17.0.0
CODESYS Control for emPC-A/iMX6 SL 4.16.0.0 < 4.17.0.0
CODESYS Control for BeagleBone SL 4.17.0.0
CODESYS Control RTE (SL) 3.5.21.10 < 3.5.21.20
CODESYS Control for Linux SL 4.17.0.0
CODESYS Control Win (SL) 3.5.21.20
CODESYS HMI (SL) 3.5.21.10 < 3.5.21.20
CODESYS Control for Linux ARM SL 4.17.0.0
CODESYS Runtime Toolkit 3.5.21.20
CODESYS Control Win (SL) 3.5.21.10 < 3.5.21.20

Timeline

  • Aug 4, 2025 CVE Published
  • Oct 14, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›