CVE-2025-41691

EPSS 0.15%
Veröffentlicht 04.08.2025 08:15:48
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 15 VulnDex Vulnerability Enrichment 26

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCODESYS

≫

Produkt Control RTE (SL)

Default Statusunaffected

Version 3.5.21.10

Version < 3.5.21.20

Status affected

HerstellerCODESYS

≫

Produkt Control RTE (for Beckhoff CX) SL

Default Statusunaffected

Version 3.5.21.10

Version < 3.5.21.20

Status affected

HerstellerCODESYS

≫

Produkt Control Win (SL)

Default Statusunaffected

Version 3.5.21.10

Version < 3.5.21.20

Status affected

HerstellerCODESYS

≫

Produkt HMI (SL)

Default Statusunaffected

Version 3.5.21.10

Version < 3.5.21.20

Status affected

HerstellerCODESYS

≫

Produkt Control for BeagleBone SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for emPC-A/iMX6 SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for IOT2000 SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for Linux ARM SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for Linux SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for PFC100 SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for PFC200 SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for PLCnext SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for Raspberry Pi SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Control for WAGO Touch Panels 600 SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

HerstellerCODESYS

≫

Produkt Virtual Control SL

Default Statusunaffected

Version 4.16.0.0

Version < 4.17.0.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.357

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://certvde.com/de/advisories/VDE-2025-070

https://nvd.nist.gov/vuln/detail/CVE-2025-41691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41691

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41691