← voltar
CVE-2025-41691

CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

CVSS 7.5 HIGHEPSS 0.5%CWE-476
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 ago 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
CODESYS · Control for BeagleBone SLCODESYS · Control for emPC-A/iMX6 SLCODESYS · Control for IOT2000 SLCODESYS · Control for Linux ARM SLCODESYS · Control for Linux SLCODESYS · Control for PFC100 SLCODESYS · Control for PFC200 SLCODESYS · Control for PLCnext SLCODESYS · Control for Raspberry Pi SLCODESYS · Control for WAGO Touch Panels 600 SLCODESYS · Control RTE (for Beckhoff CX) SLCODESYS · Control RTE (SL)CODESYS · Control Win (SL)CODESYS · HMI (SL)CODESYS · Virtual Control SL

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://certvde.com/de/advisories/VDE-2025-070