8.1
CVE-2026-8046
- EPSS 0.35%
- Veröffentlicht 26.05.2026 06:45:21
- Zuletzt bearbeitet 26.05.2026 20:00:24
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
Incorrect Authorization in CODESYS Control
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCODESYS
≫
Produkt
CODESYS Control RTE (SL)
Default Statusunaffected
Version
3.0.0.0
Version <
3.5.22.20
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control RTE (for Beckhoff CX) SL
Default Statusunaffected
Version
3.0.0.0
Version <
3.5.22.20
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control Win (SL)
Default Statusunaffected
Version
3.0.0.0
Version <
3.5.22.20
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS HMI (SL)
Default Statusunaffected
Version
3.0.0.0
Version <
3.5.22.20
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Runtime Toolkit
Default Statusunaffected
Version
3.0.0.0
Version <
3.5.22.20
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for BeagleBone SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for emPC-A/iMX6 SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for IOT2000 SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for Linux ARM SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for Linux SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for PFC100 SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for PFC200 SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for PLCnext SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for Raspberry Pi SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Control for WAGO Touch Panels 600 SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
HerstellerCODESYS
≫
Produkt
CODESYS Virtual Control SL
Default Statusunaffected
Version
3.0.0.0
Version <
4.21.0.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.264 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| info@cert.vde.com | 7.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://www.certvde.com/en/advisories/VDE-2026-056/