CODESYS Development System by the CODESYS Group is a platform independent IEC 61131-3 development tool for industrial automation and control. It features an extensive set of tools for PLC programming, visualizations, motion control systems, and many more. The development system provides a user-friendly environment for creating executable control applications and can be expanded and customized according to user requirements.

CODESYS Development System

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-41700	HIGH	7.8	CODESYS Development System	cpe:2.3:a:codesys:development_system	No	Yes	Dec 01, 2025
CVE-2023-5751	HIGH	7.8	CODESYS Development System	cpe:2.3:a:codesys:development_system	No	Yes	Jun 04, 2024
CVE-2023-49675	HIGH	7.8	CODESYS Development System	cpe:2.3:a:codesys:development_system	No	No	May 06, 2024
CVE-2023-37559	MEDIUM	6.5	CODESYS Development System	cpe:2.3:a:codesys:development_system	No	Yes	Aug 03, 2023
CVE-2023-37558	MEDIUM	6.5	CODESYS Development System	cpe:2.3:a:codesys:development_system	No	Yes	Aug 03, 2023

CVE-2022-4224:
CODESYS Development System vulnerability analysis and mitigation

8.8

Related CODESYS Development System vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2022-4224: CODESYS Development System vulnerability analysis and mitigation