CVE-2025-41738
BaseFortify
Publication date: 2025-12-01
Last updated on: 2026-02-23
Assigner: CERT VDE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codesys | control_for_beaglebone_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_rte_sl | From 3.5.18.0 (inc) to 3.5.21.40 (exc) |
| codesys | control_rte_sl_(for_beckhoff_cx) | From 3.5.18.0 (inc) to 3.5.21.40 (exc) |
| codesys | control_win_sl | From 3.5.18.0 (inc) to 3.5.21.40 (exc) |
| codesys | control_for_empc-a/imx6_sl | From 4.5.0.0 (inc) to 4.19.0.0 (inc) |
| codesys | control_for_iot2000_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_for_linux_arm_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_for_linux_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_for_pfc100_sl | From 4.5.0.0 (inc) to 4.19.0.0 (inc) |
| codesys | control_for_pfc200_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_for_plcnext_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_for_raspberry_pi_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
| codesys | control_for_wago_touch_panels_600_sl | From 4.5.0.0 (inc) to 4.19.0.0 (inc) |
| codesys | hmi_sl | From 3.5.18.0 (inc) to 3.5.21.40 (exc) |
| codesys | remote_target_visu | From 3.5.18.0 (inc) to 3.5.21.40 (exc) |
| codesys | runtime_toolkit | From 3.5.18.0 (inc) to 3.5.21.40 (exc) |
| codesys | virtual_control_sl | From 4.5.0.0 (inc) to 4.19.0.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to cause the visualisation server of the CODESYS Control runtime system to access a resource using a pointer of the wrong type. This improper access can lead to a denial-of-service (DoS) condition, disrupting the normal operation of the system.
How can this vulnerability impact me?
The impact of this vulnerability is a denial-of-service (DoS) condition, which means that an attacker can remotely cause the CODESYS Control runtime system's visualisation server to crash or become unavailable, potentially interrupting critical control processes.