Codesys Codesys Control For Linux Arm Sl
10 CVEs affecting Codesys Codesys Control For Linux Arm Sl. Latest disclosed: 2026-05-26. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41660 | High | 8.8 | 2026-03-24 | A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution. |
CVE-2023-6357 | High | 8.8 | 2023-12-05 | A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker… |
CVE-2026-8046 | High | 8.1 | 2026-05-26 | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerabil… |
CVE-2026-8047 | High | 7.5 | 2026-05-26 | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated… |
CVE-2026-3509 | High | 7.5 | 2026-03-24 | An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, poten… |
CVE-2025-41738 | High | 7.5 | 2025-12-01 | An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type… |
CVE-2024-8175 | High | 7.5 | 2024-09-25 | An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. |
CVE-2024-5000 | High | 7.5 | 2024-06-04 | An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorr… |
CVE-2025-0694 | Medium | 6.6 | 2025-03-18 | Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. |
CVE-2025-41739 | Medium | 5.9 | 2025-12-01 | An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux… |