{ "document": { "acknowledgments": [ { "organization": "CERT@VDE", "summary": "coordination", "urls": [ "https://www.certvde.com" ] }, { "organization": "ABB", "summary": "reporting" } ], "aggregate_severity": { "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale", "text": "High" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-GB", "notes": [ { "category": "summary", "text": "CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.\n\nUnder certain non‑standard operating conditions, the EtherNet/IP adapter fails to perform timeout checks on active TCP connections. As a result, once all available TCP connections are in use, expired connections are not released and no new TCP connections can be established. Existing connections remain unaffected and continue to operate normally.\n\nThis issue affects only CODESYS projects that include an EtherNet/IP adapter configuration.", "title": "Summary" }, { "category": "description", "text": "Exploitation of this vulnerability may allow an unauthenticated remote attacker to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack running on a CODESYS Control runtime system, thereby preventing legitimate clients from establishing new connections.", "title": "Impact" }, { "category": "description", "text": "Update the following products to version 4.9.0.0.\n* CODESYS EtherNetIP\n\nThe CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.", "title": "Remediation" }, { "category": "general", "text": "As part of a security strategy, CODESYS GmbH strongly recommends at least the following best-practice\ndefense measures:\n\n* Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n* Use firewalls to protect and separate the control system network from other networks\n* Activate and apply user management and password features\n* Limit the access to both development and control system by physical means, operating system features, etc.\n* Use encrypted communication links\n* Use VPN (Virtual Private Networks) tunnels if remote access is required\n* Protect both development and control system by using up to date virus detecting solutions\n\nFor more information and general recommendations for protecting machines and plants, see also the\nCODESYS Security Whitepaper [here.](https://www.customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf)", "title": "General Recommendation" }, { "category": "legal_disclaimer", "text": "CODESYS GmbH assumes no liability whatsoever for indirect, collateral, accidental or consequential losses\nthat occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided on good faith by CODESYS GmbH.\nInsofar as permissible by law, however, none of this information shall establish any guarantee, commitment or\nliability on the part of CODESYS GmbH.\n\nNote: Not all CODESYS features are available in all territories. For more information on geographic restrictions,\nplease contact sales@codesys.com.", "title": "Disclaimer" } ], "publisher": { "category": "vendor", "contact_details": "security@codesys.com", "name": "CODESYS GmbH", "namespace": "https://www.codesys.com" }, "references": [ { "category": "external", "summary": "CERT@VDE Security Advisories for CODESYS GmbH", "url": "https://www.certvde.com/en/advisories/vendor/codesys" }, { "category": "self", "summary": "Advisory2026-04_VDE-2026-040: CODESYS EtherNetIP - Improper timeout handling - HTML", "url": "https://www.certvde.com/en/advisories/VDE-2026-040/" }, { "category": "self", "summary": "Advisory2026-04_VDE-2026-040: CODESYS EtherNetIP - Improper timeout handling - CSAF", "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json" }, { "category": "external", "summary": "CODESYS Security Advisories", "url": "https://www.codesys.com/security/security-reports.html" }, { "category": "self", "summary": "Advisory2026-04_VDE-2026-040: CODESYS EtherNetIP - Improper timeout handling - PDF", "url": "https://api-www.codesys.com/fileadmin/user_upload/CODESYS_Group/Ecosystem/Up-to-Date/Security/Security-Advisories/Advisory2026-04_EIP-1011.pdf" } ], "title": "CODESYS EtherNetIP - Improper timeout handling", "tracking": { "aliases": [ "VDE-2026-040", "CODESYS Security Advisory 2026-04" ], "current_release_date": "2026-04-23T12:00:00.000Z", "generator": { "date": "2026-04-23T13:23:24.473Z", "engine": { "name": "Secvisogram", "version": "2.5.44" } }, "id": "Advisory2026-04_VDE-2026-040", "initial_release_date": "2026-04-23T12:00:00.000Z", "revision_history": [ { "date": "2026-04-23T12:00:00.000Z", "number": "1.0.0", "summary": "Initial revision." } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:generic/<4.9.0.0", "product": { "name": "CODESYS EtherNetIP < 4.9.0.0", "product_id": "CSAFPID-51001" } }, { "category": "product_version", "name": "4.9.0.0", "product": { "name": "CODESYS EtherNetIP 4.9.0.0", "product_id": "CSAFPID-52001" } } ], "category": "product_name", "name": "CODESYS EtherNetIP" } ], "category": "product_family", "name": "Software" } ], "category": "vendor", "name": "CODESYS" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-35225", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "audience": "all", "category": "description", "text": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-52001" ], "known_affected": [ "CSAFPID-51001" ] }, "references": [ { "category": "external", "summary": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - 8.7 / High", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" } ], "remediations": [ { "category": "vendor_fix", "details": "Update the following products to version 4.9.0.0.\n* CODESYS EtherNetIP\n\n\nThe CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS Update area https://www.codesys.com/download/.", "product_ids": [ "CSAFPID-51001" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-51001" ] } ], "title": "Improper timeout handling in CODESYS EtherNetIP" } ] }