CODESYS Security

As machines and plants are more and more interconnected via Internet, protection against cyberattacks is of vital importance. Security is therefore an issue of high priority to the CODESYS Group, and it constitutes an integral part of our development process.

The Security functions integrated in the CODESYS products are permanently updated and extended. All CODESYS software components are regularly checked to detect potential vulnerabilities. Moreover, the CODESYS Group commits to resolve verified vulnerabilities within a reasonable period of time. Our Security Whitepaper (PDF) will provide you with important information on the topic of CODESYS Security.

Report vulnerabilities!

Help us make CODESYS software products as secure as possible. If you detect a potential vulnerability having direct or indirect effect on a CODESYS software product, please report it using the online form (encrypted via https) or send an e-mail to the CODESYS Security team (security@codesys.com). Our Coordinated Disclosure Policy (PDF) gives you all relevant information on how to report vulnerabilities and on how the CODESYS Group handles reported vulnerabilities.

The table hereunder shows all Security advisories published by the CODESYS Group. These advisories provide essential information on known vulnerabilities including possible workarounds and available Security updates. It is up to the device manufacturers’ technical assessment if and when to implement the recommended updates.

CODESYS Security Advisories

All new CODESYS Security Advisories are also available as CSAF.

Last update Advisory number Advisory (PDF)
11.12.2024 2024-02 CODESYS Control Win and CODESYS (Edge) Gateway for Windows
24.09.2024 2024-05 CODESYS Control V3 web server
12.09.2024 2024-04 OSCAT Basic Library
05.07.2024 2024-03 CODESYS Control V3 - OPC UA Stack
06.05.2024 2024-01 CODESYS Development System V2.3
26.02.2024 2023-11 CODESYS Control V3 on Linux and QNX operating systems
05.12.2023 2023-10 CODESYS products containing WIBU CodeMeter Runtime
31.10.2023 2023-07 CODESYS Development System V3
31.10.2023 2023-05 CODESYS Control V3
03.08.2023 2023-08 CODESYS Development System V3
03.08.2023 2023-06 CODESYS Development System V3
03.08.2023 2023-04 CODESYS Control V3
26.07.2023 2023-09 CODESYS Scripting
27.06.2023 2022-03 Security update for SysDrv3S
04.04.2023 2023-03 Security update for CODESYS runtime system V3 communication server
04.04.2023 2023-02 Security update for CODESYS Control V3
04.04.2023 2023-01 Security update for CODESYS Control V3 file access
26.01.2023 2022-16 Security update for CODESYS Control V3 communication server
14.12.2022 2022-15 Security update for CODESYS V3 boot application encryption
14.12.2022 2022-12 Security update for CODESYS V2 password transport
14.12.2022 2018-04 Security update for CODESYS V2 and V3 runtime systems
03.11.2022 2022-09 Security update for CODESYS V3 products containing a CODESYS communication server
03.11.2022 2022-07 Security update for CODESYS V3 web server
03.11.2022 2022-06 Security update for several CODESYS V3 products containing a CODESYS communication server
03.11.2022 2022-05 Security update for CODESYS Control V3 online user management
03.11.2022 2022-04 Security update for various CODESYS V3 products using the CODESYS communication protocol
03.11.2022 2022-02 Security update for CODESYS Control V3 configuration file access
06.10.2022 2022-14 Security update for CODESYS V3 Visualization
06.10.2022 2022-10 Security update for CODESYS OPC DA Server V3
06.10.2022 2021-18 Security update for CODESYS Git
06.10.2022 2021-15 Security update for CODESYS V2 web server
27.07.2022 2021-13 Security update for CODESYS Development System V3 including CODESYS Installer and CODESYS SVN
23.06.2022 2022-13 Security update for CODESYS Gateway V2
23.06.2022 2022-11 Security update for CODESYS Control V2
14.04.2022 2022-08 Security Note: Framework for attacks on ICS and SCADA systems (INCONTROLLER / PIPEDREAM)
27.01.2022 2022-01 Security update for CODESYS PROFINET
30.11.2021 2021-04 Security update for CODESYS Gateway V3
25.10.2021 2021-17 Security update for CODESYS Control V2
25.10.2021 2021-16 Security update for CODESYS Control V2 TCP/IP communication driver
25.10.2021 2021-06 Security update for CODESYS Control V2 communication
30.08.2021 2021-12 Security update for CODESYS Gateway V3
30.08.2021 2021-11 Security update for CODESYS V3 web server file access
30.08.2021 2021-09 Security update for CODESYS V3 web server
22.07.2021 2021-14 Security update for CODESYS EtherNetIP
22.07.2021 2021-10 Security update for CODESYS V3 Runtime Toolkit for VxWorks
15.07.2021 2021-07 Security update for CODESYS V2 web server
18.05.2021 2021-01 Security update for various CODESYS V3 products using the CODESYS communication protocol
11.05.2021 2021-08 Security update for CODESYS Control V2 Linux SysFile library implementation
28.04.2021 2021-05 Security update for CODESYS Automation Server
28.04.2021 2021-03 Security update for CODESYS V3 Library Manager
28.04.2021 2021-02 Security update for CODESYS V3 Package Manager
29.03.2021 2019-08 Security update for CODESYS Control V3 password handling
02.10.2020 2020-06 Security update for several CODESYS V2 and V3 products containing WIBU CodeMeter Runtime
23.07.2020 2020-05 Security update for CODESYS V3 Visualization
22.07.2020 2020-02 Security update for various CODESYS V3 products using the CODESYS communication protocol
06.05.2020 2020-04 Security update for CODESYS V3 Visualization
06.05.2020 2019-05 Security update for CODESYS V3 Library Manager
01.04.2020 2020-03 Security update for CODESYS V3 web server
23.01.2020 2020-01 Security update for several CODESYS V3 products containing a CODESYS communication server
18.12.2019 2019-11 Security update for CODESYS Control V2
18.12.2019 2019-10 Security update for CODESYS V3 web server
18.12.2019 2019-07 Security update for CODESYS Control V3 OPC UA Server
18.12.2019 2019-06 Security update for several CODESYS V3 products containing a CODESYS communication server
18.12.2019 2019-04 Security update for CODESYS Control V3 online user management
18.12.2019 2019-03 Security update for CODESYS Gateway V3 memory management
18.12.2019 2019-02 Security update for CODESYS Gateway V3 channel management
18.12.2019 2019-01 Security update for CODESYS V3 web server
18.12.2019 2018-05 Security update for CODESYS V3 web server
23.10.2019 2019-09 Security update for CODESYS V2.3 ENI server
18.04.2019 2018-10 Security update for CODESYS Control V3 security features
21.01.2019 2018-11 Security update for CODESYS V3 TCP communication driver
19.12.2018 2018-14 Security update for various CODESYS V3 products using the CODESYS communication protocol
19.12.2018 2018-13 Security update for several CODESYS V3 products containing a CODESYS communication server
17.12.2018 2018-12 Security update for CODESYS Development System V3 compiled libraries
17.12.2018 2018-09 Security update for CODESYS Development System V3 Alarm configuration
17.12.2018 2018-08 Security update for CODESYS Control V3 TLS socket communication
17.12.2018 2018-07 Security update for CODESYS Control V3 Trace Manager
11.07.2018 2018-06 Security update for CODESYS Control V3 and CODESYS HMI V3 - OpenSSL update
11.07.2018 2018-02 Security update for CODESYS Control V3 OPC UA Server
15.03.2018 2018-03 Security update for CODESYS SVN - OpenSSL update
15.03.2018 2017-08 Security update for CODESYS SVN - Apache Subversion® update
02.02.2018 2018-01 Security update for CODESYS V2.3 web server
20.12.2017 2017-09 Security update for CODESYS V3 web server
20.12.2017 2017-07 Security update for CODESYS Control V3 OPC UA Server
13.07.2017 2017-06 Security update for various CODESYS V3 products using the CODESYS UDP communication protocol
13.07.2017 2017-05 Security update for HMAC signature check in CODESYS Control V3
13.07.2017 2017-04 Security update for several CODESYS V3 products installation setup
13.07.2017 2017-03 Security update for various CODESYS V3 products using the CODESYS communication protocol
26.04.2017 2017-02 Security update for CODESYS SVN - OpenSSL update
25.04.2017 2016-02 Security update for CODESYS SVN - Apache Subversion update
25.04.2017 2016-01 Security update for CODESYS V2.3 web server
20.03.2017 2017-01 Security update for CODESYS Control V3 OPC UA Server
14.02.2017 2016-03 Security update for several CODESYS products using pthreads DLL

For questions concerning Security issues or if you wish to report vulnerabilities or irregularities, please use the form below (encrypted via https).

Security report

Security area for device manufacturers

This area is reserved for device manufacturers that are direct customers of the CODESYS Group.
Registration requires a valid customer ID number.

Security area for device manufacturers

 

Jobs @ CODESYS