CODESYS Control PKI Folder Access Vulnerability Allowing Certificate Manipulation

Vulnerability

A vulnerability exists in the CODESYS Control runtime system that allows low-privileged attackers to remotely access the PKI folder. This access enables reading and writing of certificates and their associated keys. As a result, sensitive data could be extracted, or certificates could be accepted as trusted. All services remain operational, but deleting the certificates would restrict communication to unencrypted channels only.

Impact

Exploitation of this vulnerability could lead to unauthorized access to and manipulation of sensitive cryptographic material, such as certificates and private keys, within the CODESYS Control runtime environment. This could allow extraction of sensitive data or the establishment of trusted certificates, potentially facilitating further attacks or unauthorized actions.

Added: Aug 4, 2025, 8:18 AM
Updated: Aug 4, 2025, 8:18 AM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          6.6
impact          5.0
exploitability  3.3
remediation     0.0
relevance       0.3
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.