CVE-2025-41659
CODESYS Control PKI Exposure Enables Remote Certificate Access
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 ago 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Produtos afetados
CODESYS · Control for BeagleBone SLCODESYS · Control for emPC-A/iMX6 SLCODESYS · Control for IOT2000 SLCODESYS · Control for Linux ARM SLCODESYS · Control for Linux SLCODESYS · Control for PFC100 SLCODESYS · Control for PFC200 SLCODESYS · Control for PLCnext SLCODESYS · Control for Raspberry Pi SLCODESYS · Control for WAGO Touch Panels 600 SLCODESYS · Control RTE (for Beckhoff CX) SLCODESYS · Control RTE (SL)CODESYS · Control Win (SL)CODESYS · HMI (SL)CODESYS · Runtime ToolkitCODESYS · Virtual Control SLQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →