CVE-2024-41975 MEDIUM

CVE-2024-41975: CODESYS (Edge) Gateway for Windows insecure default

Vendor Codesys
Product CODESYS Edge Gateway
Weakness CWE-1188
Published March 18, 2025
Last update March 18, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.

Key dates

02Disclosure timeline

March 18, 2025 CVE published
March 18, 2025 Record updated