Control Win (sl) CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-41660	1 Codesys	16 Codesys Hmi (sl), Control For Beaglebone Sl, Control For Empc-a/imx6 Sl and 13 more	2026-03-25	8.8 High
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
CVE-2026-3509	1 Codesys	15 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 12 more	2026-03-25	7.5 High
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
CVE-2025-41738	1 Codesys	22 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Empc-a\/imx6 Sl and 19 more	2026-02-23	7.5 High
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

Page 1 of 1.