Name of the Vulnerable Software and Affected Versions:
CODESYS Control (affected versions not specified)
Description:
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system. This allows the attacker to read and write certificates and their keys, potentially enabling the extraction of sensitive data or the acceptance of certificates as trusted. If the certificates are deleted, only unencrypted communication is possible, while all services remain available.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
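Until a fixed version is available, changes to the PKI folder can at least be detected. The following is an added example, not CODESYS code: it compares a stored snapshot of the folder with its current state and labels each change with the impact described above. The folder layout (own/, trusted/) and the file names in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(pki_dir):
    """Map each file's path (relative to pki_dir) to its SHA-256 digest."""
    root = Path(pki_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_snapshots(baseline, current):
    """Return (kind, path, impact) for every change between two snapshots."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            findings.append(("ADDED", path,
                             "new certificate or key may be accepted as trusted"))
        elif path not in current:
            findings.append(("DELETED", path,
                             "only unencrypted communication may remain possible"))
        elif baseline[path] != current[path]:
            findings.append(("MODIFIED", path,
                             "certificate or key was overwritten"))
    return findings


def demo():
    """Run the check on a constructed folder (hypothetical layout and names)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "own").mkdir()
        (root / "trusted").mkdir()
        (root / "own" / "device.crt").write_bytes(b"constructed cert")
        (root / "own" / "device.key").write_bytes(b"constructed key")
        (root / "trusted" / "ca.crt").write_bytes(b"constructed CA cert")
        baseline = snapshot(root)  # taken while the folder is known-good

        # Constructed tampering: one write, one overwrite, one deletion.
        (root / "trusted" / "unexpected.crt").write_bytes(b"constructed extra")
        (root / "own" / "device.key").write_bytes(b"constructed other key")
        (root / "own" / "device.crt").unlink()
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, path, impact in demo():
        print(f"{kind:8} {path}: {impact}")
```

A hash comparison only catches writes and deletions; reads of key material leave no trace in it.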