8.1

CVE-2026-8046

Incorrect Authorization in CODESYS Control

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCODESYS
Produkt CODESYS Control RTE (SL)
Default Statusunaffected
Version 3.0.0.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Control RTE (for Beckhoff CX) SL
Default Statusunaffected
Version 3.0.0.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Control Win (SL)
Default Statusunaffected
Version 3.0.0.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS HMI (SL)
Default Statusunaffected
Version 3.0.0.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Runtime Toolkit
Default Statusunaffected
Version 3.0.0.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Control for BeagleBone SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for emPC-A/iMX6 SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for IOT2000 SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for Linux ARM SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for Linux SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for PFC100 SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for PFC200 SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for PLCnext SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for Raspberry Pi SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for WAGO Touch Panels 600 SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Virtual Control SL
Default Statusunaffected
Version 3.0.0.0
Version < 4.21.0.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
info@cert.vde.com 7.2 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.