CVE-2026-35225 | THREATINT

Description

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

PUBLISHED Reserved 2026-04-01 | Published 2026-04-23 | Updated 2026-04-23 | Assigner CERTVDE

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status

unaffected

1.0.0.0 (custom) before 4.9.0.0

affected

Credits

ABB reporter

References

codesys.csaf-tp.certvde.com/...sory2026-04_vde-2026-040.json vendor-advisory

www.certvde.com/en/advisories/VDE-2026-040/ vendor-advisory

cve.org (CVE-2026-35225)

nvd.nist.gov (CVE-2026-35225)

Download JSON