GCVE - cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Codesys (`4a5dbd6f-1914-5b18-8641-403ab498c199`)
Product	Control For Empc A/Imx6 Sl (`7e8a98fd-b168-5e67-9e86-8deeee0d13c3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-41691`	vulnerable	2026-06-03 15:01:15.093912	CODESYS Control DoS via Unauthenticated NULL Pointer Dereference HIGH (7.5) An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition. Published: 2025-08-04T08:04:34.981Z Updated: 2025-08-04T16:32:30.773Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-070	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41659`	vulnerable	2026-06-03 15:01:14.972306	CODESYS Control PKI Exposure Enables Remote Certificate Access HIGH (8.3) A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. Published: 2025-08-04T08:04:04.597Z Updated: 2025-08-04T16:35:32.484Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-051	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-41658`	vulnerable	2026-06-03 15:01:14.960737	CODESYS Toolkit Exposes Sensitive Files via Default Permissions MEDIUM (5.5) CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. Published: 2025-08-04T08:03:26.511Z Updated: 2025-08-04T11:52:37.949Z Open on db.gcve.eu Reference links https://certvde.com/de/advisories/VDE-2025-049	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4224`	vulnerable	2026-06-03 14:48:35.289508	CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3 HIGH (8.8) In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. Published: 2023-03-23T11:15:37.014Z Updated: 2026-05-29T14:08:13.754Z Open on db.gcve.eu Reference links https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.