CVE-2025-41659
📋 TL;DR
A low-privileged attacker can remotely access the PKI folder in CODESYS Control runtime systems, allowing them to read/write certificates and keys. This enables sensitive data extraction or acceptance of malicious certificates as trusted. All affected CODESYS Control runtime systems are vulnerable.
💻 Affected Systems
- CODESYS Control runtime systems
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker steals all certificates and keys, impersonates trusted systems, decrypts all encrypted communications, and potentially gains full control of industrial processes.
Likely Case
Attacker extracts sensitive certificates, installs malicious certificates to intercept or manipulate industrial control communications, leading to operational disruption.
If Mitigated
With proper network segmentation and access controls, impact is limited to certificate compromise within isolated network segments.
🎯 Exploit Status
Requires low-privileged access but exploitation is straightforward once access is obtained
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check CODESYS security advisory for specific version
Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-051
Restart Required: Yes
Instructions:
1. Download latest CODESYS Control runtime from official vendor portal. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart affected systems. 5. Verify certificate integrity.
🔧 Temporary Workarounds
Restrict PKI folder permissions
linuxSet strict file system permissions on PKI folder to prevent unauthorized access
chmod 700 /path/to/pki/folder
chown root:root /path/to/pki/folder
Network segmentation
allIsolate CODESYS Control systems from untrusted networks
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to CODESYS systems
- Monitor PKI folder access and certificate changes with file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check if CODESYS Control runtime is running and accessible with low-privileged credentialsCheck Version:
codesyscontrol --versionVerify Fix Applied:
Verify PKI folder permissions are restricted and test with low-privileged account cannot access folder📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to PKI folder
- Certificate modification events
- Failed authentication to CODESYS services
Network Indicators:
- Unexpected connections to CODESYS Control ports
- Certificate validation failures
SIEM Query:
source="codesys" AND (event="file_access" AND path="*pki*" OR event="certificate_modified")