Security information
As machines and plants are more and more interconnected via Internet, protection against cyberattacks is of vital importance. Security is therefore an issue of high priority to the CODESYS Group, and it constitutes an integral part of our development process.
The Security functions integrated in the CODESYS products are permanently updated and extended. All CODESYS software components are regularly checked to detect potential vulnerabilities. Moreover, the CODESYS Group commits to resolve verified vulnerabilities within a reasonable period of time. Our Security Whitepaper (PDF) will provide you with important information on the topic of CODESYS Security.
Security messages
In the following table you will find the security advisories published by the CODESYS Group. These contain the most important information on known security vulnerabilities, including recommendations for possible workarounds and available security updates. Whether and in what time frame the recommended updates are adopted by the manufacturers of devices programmable with CODESYS depends on the technical assessment of the respective device manufacturer.
| Last update | Advisory number | Advisory | Download | |
|---|---|---|---|---|
| 18.03.2025 | 2025-02 | CODESYS (Edge) Gateway for Windows insecure default | CSAF | |
| 18.03.2025 | 2025-03 | CODESYS Control V3 removable media path traversal | CSAF | |
| 18.03.2025 | 2025-04 | CODESYS Control V3 - OPC UA Server Authentication bypass | CSAF | |
| 21.01.2025 | 2025-01 | CODESYS Key | CSAF | |
| 11.12.2024 | 2024-02 | CODESYS Control Win and CODESYS (Edge) Gateway for Windows | ||
| 24.09.2024 | 2024-05 | CODESYS Control V3 web server | CSAF | |
| 12.09.2024 | 2024-04 | OSCAT Basic Library | ||
| 05.07.2024 | 2024-03 | CODESYS Control V3 - OPC UA Stack | ||
| 06.05.2024 | 2024-01 | CODESYS Development System V2.3 | ||
| 26.02.2024 | 2023-11 | CODESYS Control V3 on Linux and QNX operating systems | ||
| 05.12.2023 | 2023-10 | CODESYS products containing WIBU CodeMeter Runtime | ||
| 31.10.2023 | 2023-05 | CODESYS Control V3 | ||
| 31.10.2023 | 2023-07 | CODESYS Development System V3 | ||
| 03.08.2023 | 2023-04 | CODESYS Control V3 | ||
| 03.08.2023 | 2023-06 | CODESYS Development System V3 | ||
| 03.08.2023 | 2023-08 | CODESYS Development System V3 | ||
| 26.07.2023 | 2023-09 | CODESYS Scripting | ||
| 27.06.2023 | 2022-03 | Security update for SysDrv3S | ||
| 04.04.2023 | 2023-01 | Security update for CODESYS Control V3 file access | ||
| 04.04.2023 | 2023-02 | Security update for CODESYS Control V3 | ||
| 04.04.2023 | 2023-03 | Security update for CODESYS runtime system V3 communication server | ||
| 26.01.2023 | 2022-16 | Security update for CODESYS Control V3 communication server | ||
| 14.12.2022 | 2018-04 | Security update for CODESYS V2 and V3 runtime systems | ||
| 14.12.2022 | 2022-12 | Security update for CODESYS V2 password transport | ||
| 14.12.2022 | 2022-15 | Security update for CODESYS V3 boot application encryption | ||
| 13.11.2022 | 2022-02 | Security update for CODESYS Control V3 configuration file access | ||
| 03.11.2022 | 2022-04 | Security update for various CODESYS V3 products using the CODESYS communication protocol | ||
| 03.11.2022 | 2022-05 | Security update for CODESYS Control V3 online user management | ||
| 03.11.2022 | 2022-06 | Security update for several CODESYS V3 products containing a CODESYS communication server | ||
| 03.11.2022 | 2022-07 | Security update for CODESYS V3 web server | ||
| 03.11.2022 | 2022-09 | Security update for CODESYS V3 products containing a CODESYS communication server | ||
| 06.10.2022 | 2021-15 | Security update for CODESYS V2 web server | ||
| 06.10.2022 | 2021-18 | Security update for CODESYS Git | ||
| 06.10.2022 | 2022-10 | Security update for CODESYS OPC DA Server V3 | ||
| 06.10.2022 | 2022-14 | Security update for CODESYS V3 Visualization | ||
| 27.07.2022 | 2021-13 | Security update for CODESYS Development System V3 including CODESYS Installer and CODESYS SVN | ||
| 23.06.2022 | 2022-11 | Security update for CODESYS Control V2 | ||
| 23.06.2022 | 2022-13 | Security update for CODESYS Gateway V2 | ||
| 14.04.2022 | 2022-08 | Security Note: Framework for attacks on ICS and SCADA systems (INCONTROLLER / PIPEDREAM) | ||
| 27.01.2022 | 2022-01 | Security update for CODESYS PROFINET | ||
| 30.11.2021 | 2021-04 | Security update for CODESYS Gateway V3 | ||
| 25.10.2021 | 2021-06 | Security update for CODESYS Control V2 communication | ||
| 25.10.2021 | 2021-16 | Security update for CODESYS Control V2 TCP/IP communication driver | ||
| 25.10.2021 | 2021-17 | Security update for CODESYS Control V2 | ||
| 30.08.2021 | 2021-09 | Security update for CODESYS V3 web server | ||
| 30.08.2021 | 2021-11 | Security update for CODESYS V3 web server file access | ||
| 30.08.2021 | 2021-12 | Security update for CODESYS Gateway V3 | ||
| 22.07.2021 | 2021-10 | Security update for CODESYS V3 Runtime Toolkit for VxWorks | ||
| 22.07.2021 | 2021-14 | Security update for CODESYS EtherNetIP | ||
| 15.07.2021 | 2021-07 | Security update for CODESYS V2 web server | ||
| 18.05.2021 | 2021-01 | Security update for various CODESYS V3 products using the CODESYS communication protocol | ||
| 11.05.2021 | 2021-08 | Security update for CODESYS Control V2 Linux SysFile library implementation | ||
| 28.04.2021 | 2021-02 | Security update for CODESYS V3 Package Manager | ||
| 28.04.2021 | 2021-03 | Security update for CODESYS V3 Library Manager | ||
| 28.04.2021 | 2021-05 | Security update for CODESYS Automation Server | ||
| 29.03.2021 | 2019-08 | Security update for CODESYS Control V3 password handling | ||
| 29.03.2021 | 2019-08 | Security update for CODESYS Control V3 password handling | ||
| 02.10.2020 | 2020-06 | Security update for several CODESYS V2 and V3 products containing WIBU CodeMeter Runtime | ||
| 23.07.2020 | 2020-05 | Security update for CODESYS V3 Visualization | ||
| 22.07.2020 | 2020-02 | Security update for various CODESYS V3 products using the CODESYS communication protocol | ||
| 06.05.2020 | 2019-05 | Security update for CODESYS V3 Library Manager | ||
| 06.05.2020 | 2020-04 | Security update for CODESYS V3 Visualization | ||
| 01.04.2020 | 2020-03 | Security update for CODESYS V3 web server | ||
| 23.01.2020 | 2020-01 | Security update for several CODESYS V3 products containing a CODESYS communication server | ||
| 18.12.2019 | 2018-05 | Security update for CODESYS V3 web server | ||
| 18.12.2019 | 2019-01 | Security update for CODESYS V3 web server | ||
| 18.12.2019 | 2019-02 | Security update for CODESYS Gateway V3 channel management | ||
| 18.12.2019 | 2019-03 | Security update for CODESYS Gateway V3 memory management | ||
| 18.12.2019 | 2019-04 | Security update for CODESYS Control V3 online user management | ||
| 18.12.2019 | 2019-06 | Security update for several CODESYS V3 products containing a CODESYS communication server | ||
| 18.12.2019 | 2019-07 | Security update for CODESYS Control V3 OPC UA Server | ||
| 18.12.2019 | 2019-10 | Security update for CODESYS V3 web server | ||
| 18.12.2019 | 2019-11 | Security update for CODESYS Control V2 | ||
| 18.04.2019 | 2018-10 | Security update for CODESYS Control V3 security features | ||
| 21.01.2019 | 2018-11 | Security update for CODESYS V3 TCP communication driver | ||
| 19.12.2018 | 2018-13 | Security update for several CODESYS V3 products containing a CODESYS communication server | ||
| 19.12.2018 | 2018-14 | Security update for various CODESYS V3 products using the CODESYS communication protocol | ||
| 17.12.2018 | 2018-07 | Security update for CODESYS Control V3 Trace Manager | ||
| 17.12.2018 | 2018-08 | Security update for CODESYS Control V3 TLS socket communication | ||
| 17.12.2018 | 2018-09 | Security update for CODESYS Development System V3 Alarm configuration | ||
| 17.12.2018 | 2018-12 | Security update for CODESYS Development System V3 compiled libraries | ||
| 11.07.2018 | 2018-02 | Security update for CODESYS Control V3 OPC UA Server | ||
| 11.07.2018 | 2018-06 | Security update for CODESYS Control V3 and CODESYS HMI V3 - OpenSSL update | ||
| 15.03.2018 | 2017-08 | Security update for CODESYS SVN - Apache Subversion® update | ||
| 15.03.2018 | 2018-03 | Security update for CODESYS SVN - OpenSSL update | ||
| 02.02.2018 | 2018-01 | Security update for CODESYS V2.3 web server | ||
| 20.12.2017 | 2017-07 | Security update for CODESYS Control V3 OPC UA Server | ||
| 20.12.2017 | 2017-09 | Security update for CODESYS V3 web server | ||
| 13.07.2017 | 2017-03 | Security update for various CODESYS V3 products using the CODESYS communication protocol | ||
| 13.07.2017 | 2017-04 | Security update for several CODESYS V3 products installation setup | ||
| 13.07.2017 | 2017-05 | Security update for HMAC signature check in CODESYS Control V3 | ||
| 13.07.2017 | 2017-06 | Security update for various CODESYS V3 products using the CODESYS UDP communication protocol | ||
| 26.04.2017 | 2017-02 | Security update for CODESYS SVN - OpenSSL update | ||
| 25.04.2017 | 2016-01 | Security update for CODESYS V2.3 web server | ||
| 25.04.2017 | 2016-02 | Security update for CODESYS SVN - Apache Subversion update | ||
| 20.03.2017 | 2017-01 | Security update for CODESYS Control V3 OPC UA Server | ||
| 17.02.2017 | 2016-03 | Security update for several CODESYS products using pthreads DLL | ||