CODESYS Visualization - Insufficiently Protected Credentials

Vulnerability

A vulnerability exists in CODESYS Visualization versions prior to 4.10.0.0, allowing low-privileged users to remotely access credentials entered by other users during simultaneous login sessions. This issue arises from inadequate separation of authentication data, affecting only active visualization sessions.

Impact

Exploitation may enable an authenticated remote visualization user to intercept credentials typed by another user, potentially one with elevated privileges.

Remediation

Users can update to CODESYS Visualization version 4.10.0.0. For projects using an affected version, the update requires recompiling the application and downloading it to the HMI or PLC. The CODESYS Development System and available add-ons can be installed via the CODESYS Installer or downloaded from the CODESYS Store. Additional update information is available on the CODESYS Update page.

Added: May 21, 2026, 12:19 PM
Updated: May 21, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 4.2
remediation: 7.9
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.