CVE-2025-0694
published 2025-03-18CVE-2025-0694: Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.
medium6.6CVSS 3.1
AVPACLPRLUINSUCHIHAH
Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | codesys_control_for_beaglebone_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_empc-a_imx6_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_iot2000_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_linux_arm_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_linux_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_pfc100_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_pfc200_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_plcnext_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_raspberry_pi_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_for_wago_touch_panels_600_sl | < 4.16.0.0 | 4.16.0.0 |
| codesys | codesys_control_rte | < 3.5.21.0 | 3.5.21.0 |
| codesys | codesys_control_rte_sl | < 3.5.21.0 | 3.5.21.0 |
| codesys | codesys_control_win | < 3.5.21.0 | 3.5.21.0 |
| codesys | codesys_runtime_toolkit | < 3.5.21.0 | 3.5.21.0 |
| codesys | codesys_virtual_control_sl | < 4.16.0.0 | 4.16.0.0 |