Description

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-01 | Updated 2025-12-01 | Assigner CERTVDE




HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

Product status

Default status
unaffected

3.5.18.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.18.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.18.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.18.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.18.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.18.0 (semver) before 3.5.21.40
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.5.0.0 (semver) before 4.19.0.0
affected

References

certvde.com/de/advisories/VDE-2025-100

cve.org (CVE-2025-41738)

nvd.nist.gov (CVE-2025-41738)
