Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Control for PFC200 SL

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-41691
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLControl for PLCnext SLControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl Win (SL)Control for IOT2000 SLControl for Raspberry Pi SLControl RTE (for Beckhoff CX) SLVirtual Control SLHMI (SL)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41659
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.3||HIGH
EPSS-0.03% / 5.08%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control PKI Exposure Enables Remote Certificate Access

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for PLCnext SLControl for Linux ARM SLControl for PFC100 SLControl Win (SL)Control RTE (for Beckhoff CX) SLControl for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLRuntime ToolkitControl for emPC-A/iMX6 SLControl for IOT2000 SLControl for Raspberry Pi SLVirtual Control SLHMI (SL)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-41658
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.84%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:03
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Toolkit Exposes Sensitive Files via Default Permissions

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLRuntime ToolkitControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl for IOT2000 SLControl for PLCnext SLControl for Raspberry Pi SLVirtual Control SL
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4224
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.37%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:15
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_for_pfc100_slruntime_toolkitcontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slControl for emPC-A/iMX6 SL Runtime Toolkit Control Win (SL)HMI (SL) Safety SIL2 Runtime ToolkitControl for PLCnext SLControl RTE (for Beckhoff CX) SL Control for PFC100 SLControl RTE (SL) Safety SIL2 PSPControl for WAGO Touch Panels 600 SLControl for Linux SLControl for Raspberry Pi SLDevelopment System V3 Control for PFC200 SL Control for BeagleBone SL Control for IOT2000 SL
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default