CODESYS Visualization User Management Bypass Vulnerability

Vulnerability

A vulnerability exists in CODESYS Visualization versions prior to 4.8.0.0 that allows an unauthenticated remote attacker to bypass the visualization's user management and retrieve visualization template files or static elements by forced browsing, i.e. by requesting the resources directly by URL without first logging in. On the runtime side the issue is present in various CODESYS Control products prior to version 4.15.0.0, and in CODESYS Control RTE (SL), CODESYS Control RTE (for Beckhoff CX) SL, CODESYS Control Win (SL), CODESYS HMI (SL), CODESYS Runtime Toolkit, CODESYS Embedded Target Visu Toolkit and CODESYS Remote Target Visu Toolkit prior to version 3.5.21.0.
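The affected/fixed thresholds above split across two version trains (4.x for Visualization and the Control products, 3.5.x for the RTE, Win, HMI and toolkit packages), which is easy to get wrong when triaging an asset inventory. The following script is an added example by the editor, not CODESYS code: it encodes the fixed versions this page gives and labels each (product, version) pair. The advisory does not name the "various CODESYS Control products" on the 4.15.0.0 train individually, so mapping any other "CODESYS Control ..." name onto that train, and the product names in the sample inventory, are assumptions of this example.

```python
"""Affected-version triage for the CODESYS Visualization user-management
bypass on this page.  Example code added by the editor, not CODESYS's own.
Thresholds are the fixed versions stated in the advisory text."""
from __future__ import annotations

# Fixed versions as stated in the advisory: a component is affected if it is
# older than the entry for its product.
FIXED_VERSIONS: dict[str, str] = {
    "CODESYS Visualization": "4.8.0.0",
    "CODESYS Control RTE (SL)": "3.5.21.0",
    "CODESYS Control RTE (for Beckhoff CX) SL": "3.5.21.0",
    "CODESYS Control Win (SL)": "3.5.21.0",
    "CODESYS HMI (SL)": "3.5.21.0",
    "CODESYS Runtime Toolkit": "3.5.21.0",
    "CODESYS Embedded Target Visu Toolkit": "3.5.21.0",
    "CODESYS Remote Target Visu Toolkit": "3.5.21.0",
}
# The advisory says "various CODESYS Control products" are fixed in 4.15.0.0
# without naming them.  Mapping every other "CODESYS Control ..." name onto
# that train is an assumption of this example; check the vendor's list.
CONTROL_4X_FIXED = "4.15.0.0"


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted CODESYS version ("3.5.19.20", "4.7.0.0") into a tuple
    that compares numerically.  Short forms are padded to four components so
    "3.5.21" and "3.5.21.0" compare equal."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 4 - len(nums))


def fixed_version_for(product: str) -> str | None:
    """Fixed version for a product, or None if this advisory does not cover it."""
    if product in FIXED_VERSIONS:
        return FIXED_VERSIONS[product]
    if product.startswith("CODESYS Control"):
        return CONTROL_4X_FIXED  # assumption, see comment above
    return None


def is_affected(product: str, version: str) -> bool | None:
    """True if affected, False if at or above the fixed version, None if the
    product is outside this advisory."""
    fixed = fixed_version_for(product)
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def triage(inventory: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Label each (product, version) pair of an asset inventory."""
    labels = {True: "AFFECTED - update required", False: "fixed", None: "not covered"}
    return [(p, v, labels[is_affected(p, v)]) for p, v in inventory]


if __name__ == "__main__":
    # Constructed sample inventory; versions and the unlisted product names
    # are illustrative only.
    sample = [
        ("CODESYS Visualization", "4.7.0.0"),
        ("CODESYS Visualization", "4.8.0.0"),
        ("CODESYS Control Win (SL)", "3.5.20.40"),
        ("CODESYS Control for Linux SL", "4.14.0.0"),  # assumed 4.x-train product
        ("CODESYS Development System", "3.5.20.0"),    # not covered by this advisory
    ]
    for product, version, verdict in triage(sample):
        print(f"{product:45} {version:10} {verdict}")
```

Note that a Visualization package at 4.8.0.0 on the engineering workstation does not by itself make a device safe; the runtime package must also be at its fixed version and the project must be rebuilt and downloaded (see Remediation).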

Impact

Exploitation gives an unauthenticated attacker read access to static visualization files served by CODESYS WebVisu, such as text lists, icons and images, which can disclose labels, screen content and other details of the visualization project. Live process data from the controlled system is not exposed by this issue.

Remediation

Update CODESYS Visualization to version 4.8.0.0 or later and the affected CODESYS Control products to version 4.15.0.0 or later. Update CODESYS Control RTE (SL), CODESYS Control RTE (for Beckhoff CX) SL, CODESYS Control Win (SL), CODESYS HMI (SL), CODESYS Runtime Toolkit, CODESYS Embedded Target Visu Toolkit and CODESYS Remote Target Visu Toolkit to version 3.5.21.0 or later. Updating the packages alone is not sufficient: every existing CODESYS project that includes a CODESYS WebVisu must be recompiled with the updated Visualization package and downloaded again to the updated HMI or PLC; a device still running a project compiled before the update is not protected.
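Because the fix only takes effect once the rebuilt project is on the device, it is worth confirming the result from the network side: request the visualization's static resources with a fresh, session-less HTTP client and see which ones the device hands out. The script below is an added example by the editor, not CODESYS code. It does not know the real WebVisu resource URLs, so the caller supplies the paths to check (the ones in the demo are placeholders, an assumption of this example), and the bundled demo server is a constructed stand-in for an unpatched host so the script runs offline. Which paths must be gated depends on the project's user-management configuration; a 200 on a resource that is supposed to require login is the finding.

```python
"""Session-less forced-browsing probe for WebVisu static resources.
Example code added by the editor, not part of CODESYS.  Resource paths are
supplied by the caller; the demo paths below are placeholders (assumption)."""
from __future__ import annotations
import http.server
import threading
import urllib.error
import urllib.request
from urllib.parse import urljoin


def probe(base_url: str, paths: list[str], timeout: float = 5.0) -> dict[str, int | None]:
    """GET each path with no cookies and no Authorization header, i.e. as a
    first-contact client that has never logged in.  Returns {path: status},
    where status is the HTTP code or None when the host cannot be reached."""
    results: dict[str, int | None] = {}
    for path in paths:
        req = urllib.request.Request(urljoin(base_url, path), method="GET")
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[path] = resp.status
        except urllib.error.HTTPError as err:  # 401/403/404 etc. still tell us something
            results[path] = err.code
        except (urllib.error.URLError, OSError):
            results[path] = None
    return results


def exposed(results: dict[str, int | None]) -> list[str]:
    """Paths the host served (200) to a client without any session."""
    return sorted(p for p, s in results.items() if s == 200)


# --- constructed demo host: stands in for an unpatched WebVisu device -------
# Paths and contents are placeholders (assumption), not documented CODESYS URLs.
DEMO_STATIC: dict[str, bytes] = {
    "/visu/textlist_en.txt": b"0\tStart pump\n1\tStop pump\n",
    "/visu/images/alarm.png": b"\x89PNG\r\n\x1a\n-constructed-",
}


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self) -> None:
        body = DEMO_STATIC.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)  # served with no session check: the vulnerable behaviour
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *_args) -> None:  # keep the demo quiet
        pass


def start_demo_server() -> str:
    """Start the demo host on a free localhost port and return its base URL."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}/"


if __name__ == "__main__":
    base = start_demo_server()
    checked = list(DEMO_STATIC) + ["/visu/does_not_exist.png"]
    res = probe(base, checked)
    for path, status in res.items():
        print(f"{status!s:>4}  {path}")
    print("served without a session:", exposed(res))
```

Run it against a real device by replacing `base` with the device's WebVisu base URL and the path list with resources from your own project; run it once before and once after the recompiled project is downloaded, and compare which paths move out of the `exposed` list.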

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.6
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.