Description
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) | unaffected |
|
||||||
| CODESYS | CODESYS Control RTE (for Beckhoff CX) SL | unaffected |
|
||||||
| CODESYS | CODESYS Control Win (SL) | unaffected |
|
||||||
| CODESYS | CODESYS HMI (SL) | unaffected |
|
||||||
| CODESYS | CODESYS Runtime Toolkit | unaffected |
|
||||||
| CODESYS | CODESYS Control for BeagleBone SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for emPC-A/iMX6 SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for IOT2000 SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for Linux ARM SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for Linux SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for PFC100 SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for PFC200 SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for PLCnext SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for Raspberry Pi SL | unaffected |
|
||||||
| CODESYS | CODESYS Control for WAGO Touch Panels 600 SL | unaffected |
|
||||||
| CODESYS | CODESYS Virtual Control SL | unaffected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.certvde.com/en/advisories/VDE-2026-056/ |
|
History
Tue, 26 May 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. | |
| Title | Incorrect Authorization in CODESYS Control | |
| First Time appeared |
Codesys
Codesys codesys Control For Beaglebone Sl Codesys codesys Control For Empc A Imx6 Sl Codesys codesys Control For Iot2000 Sl Codesys codesys Control For Linux Arm Sl Codesys codesys Control For Linux Sl Codesys codesys Control For Pfc100 Sl Codesys codesys Control For Pfc200 Sl Codesys codesys Control For Plcnext Sl Codesys codesys Control For Raspberry Pi Sl Codesys codesys Control For Wago Touch Panels 600 Sl Codesys codesys Control Rte For Beckhoff Cx Sl Codesys codesys Control Rte Sl Codesys codesys Control Win Sl Codesys codesys Hmi Sl Codesys codesys Runtime Toolkit Codesys codesys Virtual Control Sl |
|
| Weaknesses | CWE-863 | |
| CPEs | cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:codesys_virtual_control_sl_:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Codesys
Codesys codesys Control For Beaglebone Sl Codesys codesys Control For Empc A Imx6 Sl Codesys codesys Control For Iot2000 Sl Codesys codesys Control For Linux Arm Sl Codesys codesys Control For Linux Sl Codesys codesys Control For Pfc100 Sl Codesys codesys Control For Pfc200 Sl Codesys codesys Control For Plcnext Sl Codesys codesys Control For Raspberry Pi Sl Codesys codesys Control For Wago Touch Panels 600 Sl Codesys codesys Control Rte For Beckhoff Cx Sl Codesys codesys Control Rte Sl Codesys codesys Control Win Sl Codesys codesys Hmi Sl Codesys codesys Runtime Toolkit Codesys codesys Virtual Control Sl |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Codesys
Subscribe
Codesys Control For Beaglebone Sl
Subscribe
Codesys Control For Empc A Imx6 Sl
Subscribe
Codesys Control For Iot2000 Sl
Subscribe
Codesys Control For Linux Arm Sl
Subscribe
Codesys Control For Linux Sl
Subscribe
Codesys Control For Pfc100 Sl
Subscribe
Codesys Control For Pfc200 Sl
Subscribe
Codesys Control For Plcnext Sl
Subscribe
Codesys Control For Raspberry Pi Sl
Subscribe
Codesys Control For Wago Touch Panels 600 Sl
Subscribe
Codesys Control Rte For Beckhoff Cx Sl
Subscribe
Codesys Control Rte Sl
Subscribe
Codesys Control Win Sl
Subscribe
Codesys Hmi Sl
Subscribe
Codesys Runtime Toolkit
Subscribe
Codesys Virtual Control Sl
Subscribe
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published:
Updated: 2026-05-26T06:46:47.189Z
Reserved: 2026-05-06T17:10:12.759Z
Link: CVE-2026-8046
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses