CODESYS Security

As machines and plants are more and more interconnected via Internet, protection against cyberattacks is of vital importance. Security is therefore an issue of high priority to the CODESYS Group, and it constitutes an integral part of our development process.

The Security functions integrated in the CODESYS products are permanently updated and extended. All CODESYS software components are regularly checked to detect potential vulnerabilities. Moreover, the CODESYS Group commits to resolve verified vulnerabilities within a reasonable period of time. Our Security Whitepaper (PDF) will provide you with important information on the topic of CODESYS Security.

Report vulnerabilities!

Help us make CODESYS software products as secure as possible. If you detect a potential vulnerability having direct or indirect effect on a CODESYS software product, please report it using the online form (encrypted via https) or send an e-mail to the CODESYS Security team (security@codesys.com). Our Coordinated Disclosure Policy (PDF) gives you all relevant information on how to report vulnerabilities and on how the CODESYS Group handles reported vulnerabilities.

The table hereunder shows all Security advisories published by the CODESYS Group. These advisories provide essential information on known vulnerabilities including possible workarounds and available Security updates. It is up to the device manufacturers’ technical assessment if and when to implement the recommended updates.

CODESYS Security Advisories

Last update Advisory-number Advisory
13.11.2018 2018-11 Security update for CODESYS V3 TCP communication driver
23.10.2018 2018-09 Security update for CODESYS Development System V3 Alarm configuration
13.11.2018 2018-08 Security update for CODESYS Control V3 TLS socket communication
13.11.2018 2018-07 Security update for CODESYS Control V3 Trace Manager
11.07.2018 2018-06 Security update for CODESYS Control V3 and CODESYS HMI V3 - OpenSSL update
11.07.2018 2018-05 Security update for CODESYS V3 web server
11.07.2018 2018-04 Security update for CODESYS V2 and V3 runtime systems
15.03.2018 2018-03 Security update for CODESYS SVN - OpenSSL update
11.07.2018 2018-02 Security update for CODESYS Control V3 OPC UA Server
02.02.2018 2018-01 Security update for CODESYS V2.3 web server
20.12.2017 2017-09 Security update for CODESYS V3 web server
15.03.2018 2017-08 Security update for CODESYS SVN - Apache Subversion® update
20.12.2017 2017-07 Security update for CODESYS Control V3 OPC UA Server
13.07.2017 2017-06 Security update for various CODESYS V3 products using the CODESYS UDP communication protocol
13.07.2017 2017-05 Security update for HMAC signature check in CODESYS Control V3
13.07.2017 2017-04 Security update for several CODESYS V3 products installation setup
13.07.2017 2017-03 Security update for various CODESYS V3 products using the CODESYS communication protocol
26.04.2017 2017-02 Security update for CODESYS SVN - OpenSSL update
20.03.2017 2017-01 Security update for CODESYS Control V3 OPC UA Server
14.02.2017 2016-03 Security update for several CODESYS products using pthreads DLL
26.04.2017 2016-02 Security update for CODESYS SVN - Apache Subversion update
26.04.2017 2016-01 Security update for CODESYS V2.3 web server

For questions concerning Security issues or if you wish to report vulnerabilities or irregularities, please use the form below (encrypted via https).
If you wish to receive a feedback, please make sure to fill in your e-mail address.

Security report

Please take note of our privacy policy.

Security area for OEM customers / customer portal

This area is reserved for device manufacturers that are direct customers of the CODESYS Group.
Registration requires a valid customer ID number.

Security area for our OEM customers