PT-2025-11586 · 3S Smart Software Solutions · Codesys Opc Da Server

Tom Tervoort

Published

2025-03-18

Updated

2025-03-18

CVE-2025-1468

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CODESYS OPC UA Server (affected versions not specified)

Description An unauthenticated remote attacker can gain access to sensitive information, including authentication information, when using CODESYS OPC UA Server with a non-default security policy, specifically the Basic128Rsa15 security policy.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2025-1468

Affected Products

Codesys Opc Da Server

PT-2025-11586 · 3S Smart Software Solutions · Codesys Opc Da Server

CVE-2025-1468

Weakness Enumeration

Related Identifiers

Affected Products

References · 9