CVE-2025-1468
📋 TL;DR
An unauthenticated remote attacker can access sensitive authentication information in CODESYS OPC UA Server when using the non-default Basic128Rsa15 security policy. This affects systems running vulnerable versions of CODESYS OPC UA Server with this specific security policy enabled.
💻 Affected Systems
- CODESYS OPC UA Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full authentication credentials, potentially leading to complete system compromise, data theft, or operational disruption.
Likely Case
Unauthenticated attackers extract authentication information, enabling further attacks on the system or connected industrial control systems.
If Mitigated
With proper controls, impact is limited to information disclosure without system compromise.
🎯 Exploit Status
Exploitation requires network access to the server and the Basic128Rsa15 security policy to be enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://cert.vde.com/en/advisories/VDE-2025-022
Restart Required: No
Instructions:
1. Apply vendor patch for CODESYS OPC UA Server.
2. Verify Basic128Rsa15 policy is disabled or updated.
3. Test functionality after patching.
🔧 Temporary Workarounds
Disable Basic128Rsa15 Security Policy
Switch to a different security policy that is not vulnerable
Configure OPC UA Server to use alternative security policies like Basic256Sha256
🧯 If You Can't Patch
- Network segmentation: Isolate CODESYS OPC UA Server from untrusted networks
- Access controls: Restrict network access to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check if CODESYS OPC UA Server is configured with Basic128Rsa15 security policy enabled
Check Version:
Check CODESYS version through management interface or system logs
Verify Fix Applied:
Verify patch version and confirm Basic128Rsa15 policy is disabled or updated
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts
- OPC UA security policy configuration changes
Network Indicators:
- Unauthenticated OPC UA requests to Basic128Rsa15 endpoints
SIEM Query:
OPC UA protocol anomalies with Basic128Rsa15 policy
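One way to turn the network indicator above into a concrete check, as an added example that is not from the vendor advisory or this page's own tooling: it reads the SecurityPolicyUri from the asymmetric security header of an OPC UA TCP OpenSecureChannel (`OPN`) chunk and lists the sources that requested Basic128Rsa15. The function names, the `(source_ip, tcp_payload)` record shape and the sample messages are assumptions constructed for illustration; payloads are assumed to be reassembled `opc.tcp` binary data.

```python
import struct

# Policy URI defined by the OPC UA specification for Basic128Rsa15.
BASIC128RSA15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
BASIC256SHA256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"


def parse_opn_policy(payload: bytes):
    """Return the SecurityPolicyUri of an OpenSecureChannel chunk,
    or None if the bytes are not a well-formed OPN chunk."""
    # Header: type(3) + chunk flag(1) + size(u32 LE) + SecureChannelId(u32 LE)
    if len(payload) < 16 or payload[:3] != b"OPN":
        return None
    # The asymmetric security header begins with SecurityPolicyUri,
    # a length-prefixed string (Int32 LE, -1 means null).
    (uri_len,) = struct.unpack_from("<i", payload, 12)
    if uri_len < 0 or 16 + uri_len > len(payload):
        return None  # null, negative or truncated URI field
    try:
        return payload[16:16 + uri_len].decode("utf-8")
    except UnicodeDecodeError:
        return None


def flag_weak_policy(records):
    """records: iterable of (source_ip, tcp_payload) pairs (assumed shape).
    Returns the sources that opened a channel with Basic128Rsa15."""
    return [src for src, data in records
            if parse_opn_policy(data) == BASIC128RSA15]


def _build_opn(uri: str) -> bytes:
    """Constructed sample, cut off after the security header:
    channel id 0, policy URI, null certificate, null thumbprint."""
    raw = uri.encode()
    body = struct.pack("<I", 0) + struct.pack("<i", len(raw)) + raw
    body += struct.pack("<i", -1) * 2
    return b"OPNF" + struct.pack("<I", 8 + len(body)) + body


# Constructed sample traffic using documentation-range addresses.
SAMPLES = [
    ("192.0.2.10", _build_opn(BASIC128RSA15)),
    ("192.0.2.11", _build_opn(BASIC256SHA256)),
    ("192.0.2.12", b"HELF" + bytes(28)),  # Hello message, not an OPN
]

if __name__ == "__main__":
    print(flag_weak_policy(SAMPLES))
```

A hit only shows that a client negotiated the policy with the server; confirming whether the server is patched still requires the vendor advisory.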