Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
3.5.17.0 (semver) before 3.5.22.0
affected
Default status
unaffected
3.5.17.0 (semver) before 3.5.22.0
affected
Default status
unaffected
3.5.17.0 (semver) before 3.5.22.0
affected
Default status
unaffected
3.5.17.0 (semver) before 3.5.22.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Default status
unaffected
4.1.0.0 (semver) before 4.21.0.0
affected
Description
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
Problem types
CWE-134 Use of Externally-Controlled Format String
Product status
3.5.17.0 (semver) before 3.5.22.0
3.5.17.0 (semver) before 3.5.22.0
3.5.17.0 (semver) before 3.5.22.0
3.5.17.0 (semver) before 3.5.22.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
4.1.0.0 (semver) before 4.21.0.0
References
certvde.com/de/advisories/VDE-2026-018