GCVE - cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Codesys (`4a5dbd6f-1914-5b18-8641-403ab498c199`)
Product	Control For Linux Arm Sl (`41c313d1-cf4b-5f1d-8ce0-7991d49cbe91`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-41738`	vulnerable	2026-06-03 15:01:15.860396	CODESYS Control - Invalid type usage in visualization HIGH (7.5) An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition. Published: 2025-12-01T10:02:33.407Z Updated: 2025-12-01T14:00:28.509Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-100	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41691`	vulnerable	2026-06-03 15:01:15.094033	CODESYS Control DoS via Unauthenticated NULL Pointer Dereference HIGH (7.5) An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition. Published: 2025-08-04T08:04:34.981Z Updated: 2025-08-04T16:32:30.773Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-070	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41659`	vulnerable	2026-06-03 15:01:14.972545	CODESYS Control PKI Exposure Enables Remote Certificate Access HIGH (8.3) A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. Published: 2025-08-04T08:04:04.597Z Updated: 2025-08-04T16:35:32.484Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-051	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41658`	vulnerable	2026-06-03 15:01:14.962840	CODESYS Toolkit Exposes Sensitive Files via Default Permissions MEDIUM (5.5) CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. Published: 2025-08-04T08:03:26.511Z Updated: 2025-08-04T11:52:37.949Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-049	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8175`	vulnerable	2026-06-03 14:58:17.309463	CODESYS: web server vulnerable to DoS HIGH (7.5) An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Published: 2024-09-25T08:04:23.196Z Updated: 2024-09-25T14:02:28.368Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-057 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5000`	vulnerable	2026-06-03 14:57:51.412722	CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products HIGH (7.5) An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. Published: 2024-06-04T08:54:06.522Z Updated: 2024-08-01T20:55:10.389Z Open on db.gcve.eu Reference links https://cert.vde.com/en/advisories/VDE-2024-026 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6357`	vulnerable	2026-06-03 14:53:51.576568	OS Command Injection in multiple CODESYS products HIGH (8.8) A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. Published: 2023-12-05T14:29:25.649Z Updated: 2024-08-02T08:28:21.783Z Open on db.gcve.eu Reference links https://https://cert.vde.com/en/advisories/VDE-2023-066	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29242`	vulnerable	2026-06-03 14:44:19.820388	Details available CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. Published: 2021-05-03T13:56:06.000Z Updated: 2024-08-03T22:02:51.582Z Open on db.gcve.eu Reference links https://customers.codesys.com/index.php https://www.codesys.com/security/security-reports.html https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.