Codesys
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Codesys product.
RSS Feeds for Codesys security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Codesys products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Codesys Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Codesys. Last year, in 2025 Codesys had 3 security vulnerabilities published. Right now, Codesys is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 7.07 |
| 2024 | 1 | 4.40 |
| 2023 | 41 | 7.41 |
| 2022 | 25 | 7.49 |
| 2021 | 34 | 8.04 |
| 2020 | 6 | 8.27 |
| 2019 | 15 | 9.80 |
It may take a day or so for new Codesys vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Codesys Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-41700 | Dec 01, 2025 |
CODESYS local code execution via manipulated project fileAn unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context. |
Development System
Codesys
|
| CVE-2025-41738 | Dec 01, 2025 |
CODESYS Control Runtime: Remote Pointer Type Error DoSAn unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition. |
Control Rte Sl
Control Rte Beckhoff Cx Sl
Control Win Sl
And others... |
| CVE-2025-41739 | Dec 01, 2025 |
Remote OOB Read in CODESYS Control via Socket RaceAn unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service. |
Plchandler
Codesys
Runtime Toolkit
And others... |
| CVE-2024-6876 | Sep 10, 2024 |
CVE-2024-6876: OOB Read in OSCAT Basic Lib Enables PLC Data LeakOut-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. |
Oscat Basic Library
|
| CVE-2023-6357 | Dec 05, 2023 |
Remote Command Injection in File System Libraries (CVE-2023-6357)A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. |
Runtime Toolkit
Control Wago Touch Panels 600 Sl
Control For Raspberry Pi Sl
And others... |
| CVE-2022-4046 | Aug 03, 2023 |
CODESYS Control Buffer Overflow: Remote Auth Escalation to Full Device AccessIn CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. |
Control For Beaglebone Sl
Control For Empc Aimx6 Sl
Control For Iot2000 Sl
And others... |
| CVE-2023-37551 | Aug 03, 2023 |
CODESYS Runtime: Unrestricted File Download via CmpApp (CVE-2023-37551)In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37552 | Aug 03, 2023 |
Codesys CmpAppBP Invalid Read DoSIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37553 | Aug 03, 2023 |
Codesys CmpAppBP Invalid Address Read Enables DoSIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-3669 | Aug 03, 2023 |
CODESYS Dev Sys <3.5.19.20: Brute-Force Vulnerability in Import DialogA missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. |
Development System
|
| CVE-2023-37554 | Aug 03, 2023 |
Codesys CmpAppBP DoS via crafted network requestIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37555 | Aug 03, 2023 |
Codesys CmpAppBP Internal Read Vulnerability Denial of ServiceIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37556 | Aug 03, 2023 |
Codesys CmpAppBP DoS via Crafted Network RequestsIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37557 | Aug 03, 2023 |
Codesys CmpAppBP Heap Buffer Overwrite via Authenticated Remote RequestsAfter successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37558 | Aug 03, 2023 |
Codesys CmpAppForce BUG: Authenticated DoS via crafted network requestsAfter successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37559 | Aug 03, 2023 |
Codesys CmpAppForce DoS via Invalid Mem Read (CVE-2023-37559)After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37546 | Aug 03, 2023 |
Codesys CmpApp DoS via Invalid Address ReadIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37547 | Aug 03, 2023 |
Codesys CmpApp DoS via Crafted Network Requests (CVE-2023-37547)In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37548 | Aug 03, 2023 |
Codesys CmpApp Network Request CVE-2023-37548: Denial-of-ServiceIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37549 | Aug 03, 2023 |
Codesys CmpApp DoS via crafted net req causing invalid address readIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-37550 | Aug 03, 2023 |
Codesys CmpApp internal address read CVE-2023-37550In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549. |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-3663 | Aug 03, 2023 |
CODESYS DS <=3.5.19.20 HTTP Notification Server Integrity Check BypassIn CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. |
Development System
|
| CVE-2023-3662 | Aug 03, 2023 |
CODESYS Development System 3.5.19.20 Binary Exec from CWDIn CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . |
Development System
|
| CVE-2023-37545 | Aug 03, 2023 |
Codesys CmpApp invalid read leading to DoS via crafted network requestsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 |
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
Control Wago Touch Panels 600 Sl
And others... |
| CVE-2023-3670 | Jul 28, 2023 |
CODESYS Dev Sys 3.5.x unsafe dir perms allow local execIn CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. |
Scripting
Development System
Codesys
And others... |
| CVE-2022-47393 | May 15, 2023 |
CODESYS DS buffer overflow via improper op restrictionAn authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47392 | May 15, 2023 |
Denial-of-service via Improper Input Validation in CODESYS CmpApp ComponentsAn authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47379 | May 15, 2023 |
CODESYS OOB Write in Products RCE/DoSAn authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47390 | May 15, 2023 |
CODESYS CmpTraceMgr Stack OOB Write Enables Remote Code ExecutionAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47389 | May 15, 2023 |
CODESYS CmpTraceMgr OOB Stack Write DoS/Remote Code ExecAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47388 | May 15, 2023 |
CODESYS CmpTraceMgr OOB Stack Write RCEAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47387 | May 15, 2023 |
Stack OOB Write in CODESYS CmpTraceMgr Enables RCEAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47386 | May 15, 2023 |
CODESYS CmpTraceMgr OOB Stack Write Remote Code ExecAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47385 | May 15, 2023 |
CVE-2022-47385: CODESYS CmpAppForce Stack OOB Write RCE/DoSAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47384 | May 15, 2023 |
CODESYS CmpTraceMgr Stack OOB Write RCEAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47383 | May 15, 2023 |
Stack OOB Write in CODESYS CmpTraceMgr RCE / DoSAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47381 | May 15, 2023 |
CODESYS stack OOB write leads to RCE and DoSAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47380 | May 15, 2023 |
CODESYS OOB Stack Write CVE-2022-47380 Enables RCEAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-47382 | May 15, 2023 |
CODESYS CmpTraceMgr OOB stack write allows RCEAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-4048 | May 15, 2023 |
Inadequate Encryption in CODESYS DS V3 prior to 3.5.18.40Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application. |
Development System V3
|
| CVE-2022-47391 | May 15, 2023 |
CODESYS Input Validation Flaw Allows Remote DoS via Invalid Address ReadsIn multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. |
Hmi Sl
Control Win Sl
Control Runtime System Toolkit
And others... |
| CVE-2022-47378 | May 15, 2023 |
Input Validation Flaw in CODESYS Enables Authenticated Remote DoSMultiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. |
Safety Sil2 Runtime Toolkit
Safety Sil2 Psp
Hmi Sl
And others... |
| CVE-2022-22508 | May 15, 2023 |
CODESYS V3 Input Validation Authenticated Remote Login BlockingImproper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. |
Hmi Sl
Control Win Sl
Control Runtime System Toolkit
And others... |
| CVE-2022-4224 | Mar 23, 2023 |
CODESYS v3 Remote File Access & DoS via Low-Privileged UserIn multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. |
Control For Iot2000 Sl
Control For Empc Aimx6 Sl
Control For Beaglebone Sl
And others... |
| CVE-2018-25048 | Mar 23, 2023 |
CODESYS Runtime Path Traversal Enables File Access & DoSThe CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. |
Runtime Plcwinnt
Remote Target Visu Toolkit
Embedded Target Visu Toolkit
And others... |
| CVE-2020-12069 | Dec 26, 2022 |
CODESYS V3 3.5.16.0 CmpUserMgr Weak Hash ExploitIn CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. |
Control For Beaglebone
Control For Empc Aimx6
Control For Iot2000
And others... |
| CVE-2022-1989 | Aug 23, 2022 |
CVE-2022-1989: CODESYS Visualization <V4.2.0.0 Unauth User EnumerationAll CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. |
Visualization
|
| CVE-2022-30791 | Jul 11, 2022 |
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumptionIn CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. |
Control For Linux Sl
Control For Pfc100 Sl
Control For Pfc200 Sl
And others... |
| CVE-2022-30792 | Jul 11, 2022 |
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumptionIn CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. |
Control For Linux Sl
Control For Pfc100 Sl
Control For Pfc200 Sl
And others... |
| CVE-2022-32139 | Jun 24, 2022 |
In multiple CODESYS products, a low privileged remote attacker may craft a requestIn multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. |
Runtime Toolkit
Plcwinnt
|