8.7

CVE-2026-8047

Out-of-bounds Write in CODESYS Control

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCODESYS
Produkt CODESYS Control RTE (SL)
Default Statusunaffected
Version 3.5.21.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Control RTE (for Beckhoff CX) SL
Default Statusunaffected
Version 3.5.21.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Control Win (SL)
Default Statusunaffected
Version 3.5.21.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS HMI (SL)
Default Statusunaffected
Version 3.5.21.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Runtime Toolkit
Default Statusunaffected
Version 3.5.21.0
Version < 3.5.22.20
Status affected
HerstellerCODESYS
Produkt CODESYS Control for BeagleBone SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for emPC-A/iMX6 SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for IOT2000 SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for Linux ARM SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for Linux SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for PFC100 SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for PFC200 SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for PLCnext SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for Raspberry Pi SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Control for WAGO Touch Panels 600 SL
Default Statusunaffected
Version 0.0.0
Version < 4.21.0.0
Status affected
HerstellerCODESYS
Produkt CODESYS Virtual Control SL
Default Statusunaffected
Version 4.15.0.0
Version < 4.21.0.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.353
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
info@cert.vde.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.