VDB
BDU%3A2026-00081
BDU%3A2026-00081
PUBLISHED
CVSS 8.699999809265137 HIGH
Уязвимость программных продуктов CODESYS, связанная с неверным назначением разрешений для критического ресурса, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Risk Scores
CVSS 2.0
8.699999809265137
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CODESYS | Control RTE (for Beckhoff CX) SL | 0.0.0.0 |
| CODESYS | Control for Raspberry Pi SL | 0.0.0.0 |
| CODESYS | Control for IOT2000 SL | 0.0.0.0 |
| CODESYS | Control for PLCnext SL | 0.0.0.0 |
| CODESYS | Control Win (SL) | 0.0.0.0 |
| CODESYS GmbH | CODESYS Runtime Toolkit, CODESYS Control for BeagleBone SL, CODESYS Control for emPC-A/iMX6 SL, CODESYS Control for IOT2000 SL, CODESYS Control for Linux ARM SL, CODESYS Control for Linux SL, CODESYS Control for PFC100 SL, CODESYS Control for PFC200 SL, CODESYS Control for PLCnext SL, CODESYS Control for Raspberry Pi SL, CODESYS Control for WAGO Touch Panels 600 SL, CODESYS Control Win (SL), CODESYS Control RTE (SL), CODESYS Control RTE (for Beckhoff CX) SL, CODESYS HMI (SL), CODESYS Virtual Control SL | |
| CODESYS | Virtual Control SL | 0.0.0.0 |
| CODESYS | Control for PFC100 SL | 0.0.0.0 |
| CODESYS | Control for Linux ARM SL | 0.0.0.0 |
| CODESYS | Control for BeagleBone SL | 0.0.0.0 |
| CODESYS | Control for Linux SL | 0.0.0.0 |
| CODESYS | Control for PFC200 SL | 0.0.0.0 |
| CODESYS | HMI (SL) | 0.0.0.0 |
| CODESYS | Runtime Toolkit | 0.0.0.0 |
| CODESYS | Control for WAGO Touch Panels 600 SL | 0.0.0.0 |
| CODESYS | Control RTE (SL) | 0.0.0.0 |
| CODESYS | Control for emPC-A/iMX6 SL | 0.0.0.0 |
Exploit Intelligence
- https://certvde.com/de/advisories/VDE-2025-051 (circl)
- CIRCL seen: CVE-2025-41659 (circl-sighting)
- CIRCL seen: CVE-2025-41659 (circl-sighting)
- CIRCL seen: CVE-2025-41659 (circl-sighting)
- https://certvde.com/de/advisories/VDE-2025-051/ (circl)
- data.yaml (github-poc)
- data.yaml (github-poc)
Timeline
- Aug 4, 2025 PoC Published
- Jan 6, 2026 CVE Published
- Feb 24, 2026 PoC Published
- Mar 17, 2026 PoC Published