CVE-2026-8047 PUBLISHED

Out-of-bounds Write in CODESYS Control

Assigner: CERTVDE
Reserved: 06.05.2026 Published: 26.05.2026 Updated: 26.05.2026

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	CODESYS
Product	CODESYS Control RTE (SL)
Versions	Default: unaffected affected from 3.5.21.0 to 3.5.22.20 (excl.)

Vendor	CODESYS
Product	CODESYS Control RTE (for Beckhoff CX) SL
Versions	Default: unaffected affected from 3.5.21.0 to 3.5.22.20 (excl.)

Vendor	CODESYS
Product	CODESYS Control Win (SL)
Versions	Default: unaffected affected from 3.5.21.0 to 3.5.22.20 (excl.)

Vendor	CODESYS
Product	CODESYS HMI (SL)
Versions	Default: unaffected affected from 3.5.21.0 to 3.5.22.20 (excl.)

Vendor	CODESYS
Product	CODESYS Runtime Toolkit
Versions	Default: unaffected affected from 3.5.21.0 to 3.5.22.20 (excl.)

Vendor	CODESYS
Product	CODESYS Control for BeagleBone SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for emPC-A/iMX6 SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for IOT2000 SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for Linux ARM SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for Linux SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for PFC100 SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for PFC200 SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for PLCnext SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for Raspberry Pi SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Control for WAGO Touch Panels 600 SL
Versions	Default: unaffected affected from 0.0.0 to 4.21.0.0 (excl.)

Vendor	CODESYS
Product	CODESYS Virtual Control SL
Versions	Default: unaffected affected from 4.15.0.0 to 4.21.0.0 (excl.)

References

https://www.certvde.com/en/advisories/VDE-2026-057/

Problem Types

CWE-1284 Improper Validation of Specified Quantity in Input CWE