CVE-2025-41691
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-04
Assigner: CERT VDE
Description
Description
An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codesys | control_runtime | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to cause a NULL pointer dereference in CODESYS Control runtime systems by sending specially crafted communication requests. This can lead to a denial-of-service (DoS) condition, making the affected system unavailable.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial-of-service (DoS) condition, which means the affected CODESYS Control runtime system could become unavailable or stop functioning properly due to the attack.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70