CVE-2026-3509 | CODESYS Control RTE prior 3.5.22.0 format string (VDE-2026-018 / EUVD-2026-14784)
VulDBArchived Mar 24, 2026✓ Full text saved
A vulnerability, which was classified as critical , has been found in CODESYS Control RTE, Control RTE SL, Control Win, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL . Affected is an unknown function. The manipulation leads to format string.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-352704 · CVE-2026-3509 · VDE-2026-018
CODESYS CONTROL RTE PRIOR 3.5.22.0 FORMAT STRING
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
6.3 $0-$5k 5.59+
Summaryinfo
A vulnerability, which was classified as critical, was found in CODESYS Control RTE, Control RTE SL, Control Win, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. Affected by this vulnerability is an unknown functionality. The manipulation results in format string. This vulnerability is cataloged as CVE-2026-3509. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
Detailsinfo
A vulnerability, which was classified as critical, was found in CODESYS Control RTE, Control RTE SL, Control Win, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. Affected is some unknown functionality. The manipulation with an unknown input leads to a format string vulnerability. CWE is classifying the issue as CWE-134. The product uses a function that accepts a format string as an argument, but the format string originates from an external source. This is going to have an impact on availability. CVE summarizes:
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
The advisory is shared for download at certvde.com. This vulnerability is traded as CVE-2026-3509 since 03/04/2026. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
Upgrading to version 3.5.22.0 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-14784).
Productinfo
Vendor
CODESYS
Name
Control for BeagleBone SL
Control for emPC-A
Control for IOT2000 SL
Control for Linux ARM SL
Control for Linux SL
Control for PFC100 SL
Control for PFC200 SL
Control for PLCnext SL
Control for Raspberry Pi SL
Control for WAGO Touch Panels 600 SL
Control RTE
Control RTE SL
Control Win
iMX6 SL
Runtime Toolkit
Virtual Control SL
License
commercial
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 6.4
VulDB Meta Temp Score: 6.3
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 7.5
CNA Vector (CERTVDE): 🔒
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Format string
CWE: CWE-134 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: Control RTE/Control RTE SL/Control Win/Runtime Toolkit/Control for BeagleBone SL/Control for emPC-A/iMX6 SL/Control for IOT2000 SL/Control for Linux ARM SL/Control for Linux SL/Control for PFC100 SL/Control for PFC200 SL/Control for PLCnext SL/Control for Raspberry Pi SL/Control for WAGO Touch Panels 600 SL/Virtual Control SL 3.5.22.0
Timelineinfo
03/04/2026 CVE reserved
03/24/2026 +20 days Advisory disclosed
03/24/2026 +0 days VulDB entry created
03/24/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: VDE-2026-018
Status: Confirmed
CVE: CVE-2026-3509 (🔒)
GCVE (CVE): GCVE-0-2026-3509
GCVE (VulDB): GCVE-100-352704
EUVD: 🔒
Entryinfo
Created: 03/24/2026 09:42
Updated: 03/24/2026 10:32
Changes: 03/24/2026 09:42 (63), 03/24/2026 10:32 (1)
Complete: 🔍
Cache ID: 99:E84:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸