HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Default status: unaffected; 0.0.0 (semver) before 3.5.22.0: affected
Default status: unaffected; 0.0.0 (semver) before 3.5.22.0: affected
Default status: unaffected; 0.0.0 (semver) before 3.5.22.0: affected
Default status: unaffected; 0.0.0 (semver) before 3.5.22.0: affected
Default status: unaffected; 0.0.0 (semver) before 3.5.22.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Default status: unaffected; 0.0.0 (semver) before 4.21.0.0: affected
Description
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
Problem types
CWE-669 Incorrect Resource Transfer Between Spheres
Credits
Luca Borzacchiello from Nozomi Networks
References
certvde.com/de/advisories/VDE-2026-011