Codesys runtime toolkit

This hub aggregates every CVE we track for Codesys runtime toolkit, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Codesys runtime toolkit.

• CVE-2026-8047Out-of-bounds Write in CODESYS Control7.5May 26, 2026
• CVE-2026-8046Incorrect Authorization in CODESYS Control8.1May 26, 2026
• CVE-2026-3509CODESYS Control Audit Log Format String DoS7.5Mar 24, 2026
• CVE-2025-41660CODESYS Control Boot Application Replacement Enables Code Execution8.8Mar 24, 2026
• CVE-2025-41738CODESYS Control - Invalid type usage in visualization7.5Dec 1, 2025
• CVE-2025-41739CODESYS Control - Linux/QNX SysSocket flaw5.9Dec 1, 2025
• CVE-2025-41659CODESYS Control PKI Exposure Enables Remote Certificate Access8.3Aug 4, 2025
• CVE-2025-41658CODESYS Toolkit Exposes Sensitive Files via Default Permissions5.5Aug 4, 2025
• CVE-2025-0694CODESYS Control V3 removable media path traversal6.6Mar 18, 2025
• CVE-2025-1468CODESYS Control V3 - OPC UA Server Authentication bypass7.5Mar 18, 2025
• CVE-2024-8175CODESYS: web server vulnerable to DoS7.5Sep 25, 2024
• CVE-2024-5000CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products7.5Jun 4, 2024
• CVE-2022-4224CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V38.8Mar 23, 2023
• CVE-2022-32137CODESYS Runtime System prone to heap based buffer overflow8.8Jun 24, 2022
• CVE-2019-197893S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.6.5Dec 20, 2019