CVE-2025-41738

Executive summary

A high-severity vulnerability exists within the CODESYS Control runtime system's visualisation server, identified as CVE-2025-41738. An unauthenticated attacker can remotely exploit this flaw to cause a denial-of-service (DoS) condition, potentially leading to a loss of visibility and control over industrial processes managed by the affected systems. Organizations are urged to apply vendor-supplied patches immediately to mitigate the risk of operational disruption.

Vulnerability

This vulnerability is a type confusion error within the visualisation server of the CODESYS Control runtime system. An unauthenticated remote attacker can send a specially crafted network request to the server. This malicious request causes the server to process a resource using a pointer of an incorrect type, leading to an invalid memory access. This action triggers an unhandled exception, which crashes the server process and results in a denial-of-service (DoS) condition, rendering the visualisation service unavailable.

Business impact

This vulnerability is rated high severity with a CVSS score of 7.5. Its primary business impact is the potential for significant operational disruption. A successful DoS attack would make the human-machine interface (HMI) or SCADA visualisation unavailable, preventing operators from monitoring or controlling the underlying industrial process. This could lead to production stoppages, financial losses and, in certain environments, unsafe operating conditions. Because the vulnerability can be exploited remotely by an unauthenticated attacker, the barrier for a potential adversary is low, which increases the risk.

Remediation

Immediate Action: Apply vendor security updates immediately. The vendor has released patches that correct the type confusion vulnerability. Prioritize patching for internet-facing or otherwise exposed systems. After patching, monitor for any further exploitation attempts and review access logs for indicators of compromise preceding the update.

Proactive Monitoring: Monitor network traffic for malformed or unusual requests targeting the CODESYS visualisation server port (typically TCP/UDP 2455). System administrators should also monitor application and system logs for unexpected crashes, memory access violation errors, or exceptions related to the visualisation server process. An increase in connection resets or failed connection attempts from unknown sources could indicate scanning or exploitation activity.
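The monitoring guidance above can be turned into a simple triage script. The following is an added example written for this advisory, not CODESYS tooling or vendor code: it assumes a syslog-like line format and a firewall that logs TCP resets per destination port, and every sample log line is constructed. It flags crash indicators for the visualisation server process, detects bursts of connection resets on port 2455 from a single source, and correlates the two, which is the pattern the advisory says to watch for.

```python
"""Triage constructed CODESYS host and firewall logs for the indicators the advisory
names: crashes of the visualisation server and bursts of connection resets on 2455.

Added example for this advisory; not CODESYS tooling. The log format and the sample
lines are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

VISU_PORT = 2455  # visualisation server port named in the advisory

# Constructed syslog-like line: "<iso-timestamp> <host> <program>: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
# Traces an unhandled exception or invalid memory access would leave behind.
CRASH_RE = re.compile(r"segfault|access violation|unhandled exception|terminated by signal", re.I)
# Constructed firewall record for a TCP reset towards a destination port.
RESET_RE = re.compile(r"TCP RST src=(?P<src>[\d.]+) dst=\S+ dport=(?P<dport>\d+)")

# Constructed sample log (not real CODESYS or firewall output).
SAMPLE_LOG = """\
2025-06-01T10:00:01 plc01 codesyscontrol: visualisation server listening on port 2455
2025-06-01T10:01:50 plc01 fw: TCP RST src=192.168.10.5 dst=192.168.10.20 dport=2455
2025-06-01T10:02:10 plc01 fw: TCP RST src=10.99.5.7 dst=192.168.10.20 dport=2455
2025-06-01T10:02:11 plc01 fw: TCP RST src=10.99.5.7 dst=192.168.10.20 dport=2455
2025-06-01T10:02:12 plc01 fw: TCP RST src=10.99.5.7 dst=192.168.10.20 dport=2455
2025-06-01T10:02:13 plc01 kernel: codesyscontrol[1203]: segfault at 0000000000000008 ip 00007f3a0c1e error 4
2025-06-01T10:02:14 plc01 codesyscontrol: unhandled exception in visualisation server, process exited
2025-06-01T10:02:20 plc01 fw: TCP RST src=10.99.5.7 dst=192.168.10.20 dport=2455
2025-06-01T10:05:00 plc01 codesyscontrol: visualisation server listening on port 2455
2025-06-01T10:30:00 plc01 fw: TCP RST src=10.99.5.7 dst=192.168.10.20 dport=502
"""


def parse_log(text):
    """Parse lines into dicts with a datetime 'ts'; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def find_crashes(events):
    """Events that look like a crash of the CODESYS visualisation server process."""
    return [
        ev for ev in events
        if CRASH_RE.search(ev["msg"])
        and ("codesys" in (ev["prog"] + ev["msg"]).lower() or "visualisation" in ev["msg"].lower())
    ]


def collect_resets(events, port=VISU_PORT):
    """Group timestamps of TCP resets towards `port` by source address (sorted)."""
    by_src = defaultdict(list)
    for ev in events:
        m = RESET_RE.search(ev["msg"])
        if m and int(m.group("dport")) == port:
            by_src[m.group("src")].append(ev["ts"])
    for times in by_src.values():
        times.sort()
    return by_src


def find_reset_bursts(by_src, threshold=3, window=timedelta(seconds=60)):
    """Sources with at least `threshold` resets inside any sliding `window`; value is the peak."""
    bursts = {}
    for src, times in by_src.items():
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[src] = peak
    return bursts


def correlate(bursts, by_src, crashes, lookback=timedelta(minutes=5)):
    """Burst sources that triggered a reset shortly before a server crash."""
    crash_times = [c["ts"] for c in crashes]
    return sorted(
        src for src in bursts
        if any(timedelta(0) <= ct - t <= lookback for ct in crash_times for t in by_src[src])
    )


def triage(text):
    """Full pass over a log: crashes, reset bursts on 2455, and sources tied to a crash."""
    events = parse_log(text)
    crashes = find_crashes(events)
    by_src = collect_resets(events)
    bursts = find_reset_bursts(by_src)
    return {
        "crashes": [c["ts"].isoformat() for c in crashes],
        "bursts": bursts,
        "suspect_sources": correlate(bursts, by_src, crashes),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the constructed sample, the script reports two crash events, one source (10.99.5.7) with four resets on 2455 inside a minute, and marks that source as suspect because its last reset precedes the crash by one second. The single reset from 192.168.10.5 stays below the burst threshold and is ignored, as are resets towards other ports; tune `threshold` and `window` to the normal reconnect behaviour of your HMI clients before relying on the alert.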

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:

  • Ensure the control system network is properly segmented from corporate and external networks using firewalls.
  • Implement strict access control lists (ACLs) on firewalls and routers to restrict access to the visualisation server port to only authorized devices and trusted network segments.
  • Deploy an Intrusion Prevention System (IPS) with rulesets capable of detecting and blocking anomalous traffic patterns targeting industrial control systems.
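A practitioner applying the second control usually wants to verify that the resulting ACL really limits port 2455 to trusted segments rather than trusting the change ticket. The following is an added example, not code from the advisory or from any firewall vendor: it audits an abstract rule list against a set of trusted networks. The rule tuple layout, the trusted segments and the addresses are constructed assumptions; map them onto your firewall's export format.

```python
"""Audit a firewall ACL for the compensating control in the advisory: TCP/UDP 2455 on
the visualisation server reachable only from authorized devices and trusted segments.

Added example; not from the advisory or a firewall vendor. Rule layout and addresses
are constructed for illustration.
"""
import ipaddress

VISU_PORT = 2455

# Constructed trusted segments: the OT HMI network and one engineering workstation.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.20.30.5/32")]

# Constructed ruleset as (action, protocol, source_cidr, destination_port), first match wins.
RULES = [
    ("accept", "tcp", "192.168.10.0/24", 2455),
    ("accept", "udp", "192.168.10.0/24", 2455),
    ("accept", "tcp", "10.20.30.5/32", 2455),
    ("accept", "tcp", "0.0.0.0/0", 2455),      # over-broad: exposes the visu port to everyone
    ("accept", "udp", "172.16.0.0/12", 2455),  # corporate range, not a trusted OT segment
    ("accept", "tcp", "0.0.0.0/0", 443),       # unrelated service, not in scope of this audit
    ("drop", "any", "0.0.0.0/0", "any"),
]


def is_trusted(src_cidr, trusted=TRUSTED):
    """True if every address in `src_cidr` lies inside one trusted network."""
    net = ipaddress.ip_network(src_cidr, strict=False)
    # subnet_of() raises TypeError across IP versions, so compare like with like only.
    return any(net.subnet_of(t) for t in trusted if t.version == net.version)


def audit(rules, port=VISU_PORT, trusted=TRUSTED):
    """Accept rules that let an untrusted source reach `port` (explicitly or via 'any')."""
    findings = []
    for action, proto, src, dport in rules:
        if action != "accept" or dport not in (port, "any"):
            continue
        if not is_trusted(src, trusted):
            findings.append((proto, src, dport))
    return findings


def has_default_deny(rules, port=VISU_PORT):
    """True if the ruleset ends with a drop covering `port`, so nothing is allowed implicitly."""
    return bool(rules) and rules[-1][0] == "drop" and rules[-1][3] in (port, "any")


if __name__ == "__main__":
    for proto, src, dport in audit(RULES):
        print(f"over-permissive: {proto} from {src} to port {dport}")
    print("default deny present:", has_default_deny(RULES))
```

Run against the constructed ruleset, the audit reports the two accept rules whose sources are not contained in a trusted segment (the 0.0.0.0/0 rule and the corporate 172.16.0.0/12 rule) and confirms the trailing default deny; the port 443 rule is outside the audit's scope and is not reported. Because `subnet_of` requires full containment, a source range that merely overlaps a trusted segment is also reported, which is the conservative behaviour you want for an exposed HMI port.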

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.5) and the potential for significant operational impact, it is strongly recommended that organizations prioritize the immediate application of vendor-provided security updates. This vulnerability represents a direct threat to operational availability. While there is no current evidence of active exploitation, the low complexity and lack of authentication required for an attack make it a critical issue to address. If patching must be delayed, the compensating controls outlined above should be implemented without delay to reduce the attack surface.