CVE-2025-41659
CODESYS Control PKI Exposure Enables Remote Certificate Access
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 ago 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Productos afectados
CODESYS · Control for BeagleBone SLCODESYS · Control for emPC-A/iMX6 SLCODESYS · Control for IOT2000 SLCODESYS · Control for Linux ARM SLCODESYS · Control for Linux SLCODESYS · Control for PFC100 SLCODESYS · Control for PFC200 SLCODESYS · Control for PLCnext SLCODESYS · Control for Raspberry Pi SLCODESYS · Control for WAGO Touch Panels 600 SLCODESYS · Control RTE (for Beckhoff CX) SLCODESYS · Control RTE (SL)CODESYS · Control Win (SL)CODESYS · HMI (SL)CODESYS · Runtime ToolkitCODESYS · Virtual Control SL¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →