An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00081.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Codesys
  • Control For Beaglebone Sl
  • Control For Empc-a/imx6 Sl
  • Control For Iot2000 Sl
  • Control For Linux Arm Sl
  • Control For Linux Sl
  • Control For Pfc100 Sl
  • Control For Pfc200 Sl
  • Control For Plcnext Sl
  • Control For Raspberry Pi Sl
  • Control For Wago Touch Panels 600 Sl
  • Control Rte (sl)
  • Control Rte \(for Beckhoff Cx\) Sl
  • Control Win (sl)
  • Runtime Toolkit
  • Virtual Control Sl

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Codesys
  • Control For Beaglebone Sl
  • Control For Empc-a/imx6 Sl
  • Control For Iot2000 Sl
  • Control For Linux Arm Sl
  • Control For Linux Sl
  • Control For Pfc100 Sl
  • Control For Pfc200 Sl
  • Control For Plcnext Sl
  • Control For Raspberry Pi Sl
  • Control For Wago Touch Panels 600 Sl
  • Control Rte (sl)
  • Control Rte \(for Beckhoff Cx\) Sl
  • Control Win (sl)
  • Runtime Toolkit
  • Virtual Control Sl
References
Link Providers
https://certvde.com/de/advisories/VDE-2026-018 cve-icon cve-icon
History

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Codesys
Codesys control For Beaglebone Sl
Codesys control For Empc-a/imx6 Sl
Codesys control For Iot2000 Sl
Codesys control For Linux Arm Sl
Codesys control For Linux Sl
Codesys control For Pfc100 Sl
Codesys control For Pfc200 Sl
Codesys control For Plcnext Sl
Codesys control For Raspberry Pi Sl
Codesys control For Wago Touch Panels 600 Sl
Codesys control Rte (sl)
Codesys control Rte \(for Beckhoff Cx\) Sl
Codesys control Win (sl)
Codesys runtime Toolkit
Codesys virtual Control Sl
Vendors & Products Codesys
Codesys control For Beaglebone Sl
Codesys control For Empc-a/imx6 Sl
Codesys control For Iot2000 Sl
Codesys control For Linux Arm Sl
Codesys control For Linux Sl
Codesys control For Pfc100 Sl
Codesys control For Pfc200 Sl
Codesys control For Plcnext Sl
Codesys control For Raspberry Pi Sl
Codesys control For Wago Touch Panels 600 Sl
Codesys control Rte (sl)
Codesys control Rte \(for Beckhoff Cx\) Sl
Codesys control Win (sl)
Codesys runtime Toolkit
Codesys virtual Control Sl

Tue, 24 Mar 2026 08:00:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
Title CODESYS Control Audit Log Format String DoS
Weaknesses CWE-134
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-26T12:35:48.666Z

Reserved: 2026-03-04T09:24:19.745Z

Link: CVE-2026-3509

cve-icon Vulnrichment

Updated: 2026-03-26T12:35:44.638Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T08:16:01.657

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-3509

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:39:47Z