Vulnerability in Codesys Ethernetip

CVE-2026-35225

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

EPSS: 0.002 (42.3th percentile) — read the EPSS interpretation.

Affected products

Codesys Ethernetip — versions 1.0.0.0

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

References

codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-202… (vendor-advisory)
www.certvde.com/en/advisories/VDE-2026-040/ (vendor-advisory)