Affected product: CODESYS EtherNetIP
CPE: cpe:2.3:a:codesys:ethernetip:*:*:*:*:*:*:*
Affected versions: < 4.9.0.0
A vulnerability exists in the CODESYS EtherNet/IP adapter stack, affecting versions prior to 4.9.0.0. Under certain non-standard operating conditions, the adapter fails to properly manage TCP connection timeouts. This oversight allows an unauthenticated remote attacker to exhaust all available TCP connections, blocking legitimate clients from establishing new connections. The issue arises only in CODESYS projects that include an EtherNet/IP adapter configuration.
Exploitation of this vulnerability can lead to a denial-of-service condition, where all available TCP connections are used up, preventing new connections from being established while allowing existing connections to continue functioning normally.
Users are advised to update CODESYS EtherNetIP to version 4.9.0.0. The CODESYS Development System and its add-ons can be downloaded via the CODESYS Installer or from the CODESYS Store. Additional update information is available in the CODESYS Update area on the CODESYS website.
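The check below is an added example, not part of the advisory or of CODESYS code: it watches for the symptom described above, a connection table filling up with established sessions on the adapter's TCP port, by parsing `ss -tn` output and reporting utilization and the peer holding the most connections. It assumes a Linux-based controller where `ss` is available and the standard EtherNet/IP port 44818/tcp; the connection limit, alert ratio and sample output are constructed placeholders.

```python
from collections import Counter

ENIP_TCP_PORT = 44818  # registered EtherNet/IP TCP port (not stated in the advisory)
MAX_CONNECTIONS = 8    # assumption: placeholder, set to your adapter's real limit
ALERT_RATIO = 0.75     # assumption: alert at 75% of the limit

# Constructed sample of `ss -tn` output (documentation-range addresses).
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      16     0.0.0.0:44818       0.0.0.0:*
ESTAB   0      0      192.0.2.10:44818    192.0.2.50:51012
ESTAB   0      0      192.0.2.10:44818    192.0.2.51:40233
ESTAB   0      0      192.0.2.10:22       192.0.2.50:53100
ESTAB   0      0      192.0.2.10:44818    192.0.2.99:41001
ESTAB   0      0      192.0.2.10:44818    192.0.2.99:41002
ESTAB   0      0      192.0.2.10:44818    192.0.2.99:41003
ESTAB   0      0      192.0.2.10:44818    192.0.2.99:41004
ESTAB   0      0      192.0.2.10:44818    192.0.2.99:41005
"""

def parse_enip_peers(ss_output, port=ENIP_TCP_PORT):
    """Count established connections to the adapter port, keyed by peer IP."""
    peers = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, LISTEN sockets, malformed lines
        local, peer = fields[3], fields[4]
        if local.rsplit(":", 1)[-1] != str(port):
            continue  # some other service on the same host
        peers[peer.rsplit(":", 1)[0]] += 1
    return peers

def assess(peers, max_conn=MAX_CONNECTIONS, ratio=ALERT_RATIO):
    """Summarise pool usage and flag when it approaches the limit."""
    total = sum(peers.values())
    top_peer, top_count = peers.most_common(1)[0] if peers else (None, 0)
    return {"total": total, "utilization": total / max_conn,
            "alert": total >= ratio * max_conn,
            "top_peer": top_peer, "top_count": top_count}

if __name__ == "__main__":
    print(assess(parse_enip_peers(SAMPLE_SS)))
```

Because existing sessions keep working while new ones are refused, a utilization alert of this kind can fire before operators notice that engineering tools or scanners can no longer connect.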