Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
3.5.21.10 (semver) before 3.5.21.20
affected
Default status
unaffected
3.5.21.10 (semver) before 3.5.21.20
affected
Default status
unaffected
3.5.21.10 (semver) before 3.5.21.20
affected
Default status
unaffected
3.5.21.10 (semver) before 3.5.21.20
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Default status
unaffected
4.16.0.0 (semver) before 4.17.0.0
affected
Description
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
Problem types
CWE-476 NULL Pointer Dereference
Product status
3.5.21.10 (semver) before 3.5.21.20
3.5.21.10 (semver) before 3.5.21.20
3.5.21.10 (semver) before 3.5.21.20
3.5.21.10 (semver) before 3.5.21.20
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
4.16.0.0 (semver) before 4.17.0.0
References
certvde.com/de/advisories/VDE-2025-070