CVE-2025-41659

Summary

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Affected Software

VendorProductVersion RangeStatus
CODESYSControl RTE (SL)0.0.0.0 < 3.5.21.20affected
CODESYSControl RTE (for Beckhoff CX) SL0.0.0.0 < 3.5.21.20affected
CODESYSControl Win (SL)0.0.0.0 < 3.5.21.20affected
CODESYSHMI (SL)0.0.0.0 < 3.5.21.20affected
CODESYSRuntime Toolkit0.0.0.0 < 3.5.21.20affected
CODESYSControl for BeagleBone SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for emPC-A/iMX6 SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for IOT2000 SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for Linux ARM SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for Linux SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for PFC100 SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for PFC200 SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for PLCnext SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for Raspberry Pi SL0.0.0.0 < 4.17.0.0affected
CODESYSControl for WAGO Touch Panels 600 SL0.0.0.0 < 4.17.0.0affected
CODESYSVirtual Control SL0.0.0.0 < 4.17.0.0affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References