CODESYS Control RTE
cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:* (plus 3 further CPE entries not listed here)
- >= 3.5.21.0, < 3.5.22.20
A size-limited out-of-bounds write vulnerability has been identified in the CODESYS Control Runtime's CmpWebServer component. This issue arises from improper length checking when parsing incoming HTTP requests. An unauthenticated remote attacker can exploit this vulnerability to cause a system crash, leading to a denial-of-service condition on the affected device. The vulnerability is present in several CODESYS Control Runtime versions, but only when the web server is active, which typically requires a running application with Web Visualization enabled.
Exploitation of this vulnerability causes the CODESYS Control Runtime to crash, resulting in a denial-of-service condition on the affected device.
Users can update to version 3.5.22.20 for CODESYS Control RTE (SL), CODESYS Control RTE (for Beckhoff CX) SL, CODESYS Control Win (SL), CODESYS HMI (SL), and CODESYS Runtime Toolkit. For CODESYS Control for BeagleBone SL, CODESYS Control for emPC-A/iMX6 SL, CODESYS Control for IOT2000 SL, CODESYS Control for Linux ARM SL, CODESYS Control for Linux SL, CODESYS Control for PFC100 SL, CODESYS Control for PFC200 SL, CODESYS Control for PLCnext SL, CODESYS Control for Raspberry Pi SL, CODESYS Control for WAGO Touch Panels 600 SL, and CODESYS Virtual Control SL, the update to version 4.21.0.0 is expected in June 2026.