HIGHCVE-2026-8047Published 2026-05-26Modified 2026-05-26CNA CERTVDE

CVE-2026-8047: Out-of-bounds Write in CODESYS Control

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 3.5.22.20
Affected Products: 16

Fix available

3.5.22.204.21.0.0

Affected packages

CODESYS / CODESYS Control RTE (SL)
< 3.5.22.20 (from 3.5.21.0)
CODESYS / CODESYS Control RTE (for Beckhoff CX) SL
< 3.5.22.20 (from 3.5.21.0)
CODESYS / CODESYS Control Win (SL)
< 3.5.22.20 (from 3.5.21.0)
CODESYS / CODESYS HMI (SL)
< 3.5.22.20 (from 3.5.21.0)
CODESYS / CODESYS Runtime Toolkit
< 3.5.22.20 (from 3.5.21.0)
CODESYS / CODESYS Control for BeagleBone SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for emPC-A/iMX6 SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for IOT2000 SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for Linux ARM SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for Linux SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for PFC100 SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for PFC200 SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for PLCnext SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for Raspberry Pi SL
< 4.21.0.0 (from 4.15.0.0)
CODESYS / CODESYS Control for WAGO Touch Panels 600 SL
< 4.21.0.0 (from 0.0.0)
CODESYS / CODESYS Virtual Control SL
< 4.21.0.0 (from 4.15.0.0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

certvde.com

Metrics

Fix available