{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35225", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-04-01T19:54:21.499Z", "datePublished": "2026-04-23T13:54:51.863Z", "dateUpdated": "2026-04-23T15:35:43.352Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CODESYS EtherNetIP", "vendor": "CODESYS", "versions": [{"lessThan": "4.9.0.0", "status": "affected", "version": "1.0.0.0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:codesys_ethernetip:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.0.0", "versionStartIncluding": "1.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "reporter", "value": "ABB"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."}], "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-04-23T13:54:51.863Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json"}, {"tags": ["vendor-advisory"], "url": "https://www.certvde.com/en/advisories/VDE-2026-040/"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper timeout handling in CODESYS EtherNetIP", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T15:35:35.243946Z", "id": "CVE-2026-35225", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T15:35:43.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35225", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T15:35:35.243946Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T15:35:39.991Z"}}], "cna": {"title": "Improper timeout handling in CODESYS EtherNetIP", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "ABB"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CODESYS", "product": "CODESYS EtherNetIP", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThan": "4.9.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json", "tags": ["vendor-advisory"]}, {"url": "https://www.certvde.com/en/advisories/VDE-2026-040/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:codesys_ethernetip:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.0.0", "versionStartIncluding": "1.0.0.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-04-23T13:54:51.863Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35225", "state": "PUBLISHED", "dateUpdated": "2026-04-23T15:35:43.352Z", "dateReserved": "2026-04-01T19:54:21.499Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-04-23T13:54:51.863Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections."}], "id": "CVE-2026-35225", "lastModified": "2026-04-24T14:50:56.203", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2026-04-23T15:37:23.377", "references": [{"source": "info@cert.vde.com", "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json"}, {"source": "info@cert.vde.com", "url": "https://www.certvde.com/en/advisories/VDE-2026-040/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0.0,4.9.0.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "CODESYS EtherNetIP", "source": "cna", "vendor": "CODESYS"}, "product": "ethernetip", "vendor": "codesys"}], "analysis": {"en": {"generated_at": "2026-04-28T20:31:38.184478+00:00", "value": {"mitigation_remediation": ["Check the CODESYS vendor website or release notes for an update that addresses the timeout handling issue.", "If an update is not yet available, restrict the number of concurrent TCP connections accepted by the EtherNet/IP adapter through firewall rules or service limits to mitigate the connection exhaustion attack.", "Monitor system logs for excessive connection attempts and block repeated source IP addresses when suspicious activity is detected."], "summary": {"action": "Check for patch", "impact": "Remote Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is CODESYS EtherNetIP from the vendor CODESYS. No specific version information is provided, so all installations of the CODESYS EtherNetIP adapter are potentially impacted.", "description_and_impact": "An unauthenticated remote attacker can exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack by repeatedly opening connections, causing legitimate clients to be unable to connect. The vulnerability arises from improper timeout handling in the adapter, a flaw classified as CWE-754, and results in a denial of service condition where new connections are blocked for the duration of the exhaustion.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity of this vulnerability. The EPSS score of less than 1% suggests a very low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote network access, with authentication not required, and the exploit requires only the ability to open repeated TCP connections to the targeted device."}}}}, "created": "2026-04-27T22:30:14.287287+00:00", "updated": "2026-04-28T20:45:16.582843+00:00", "vendors": ["codesys", "codesys$PRODUCT$ethernetip"]}