Skip to main

Vulnerabilities in CODESYS V2 runtime systems


Advisory Information


The control systems SYNAX, Visual Motion, IndraLogic, IndraMotion MTX, IndraMotion MLC and IndraMotion MLD contain PLC technology from CODESYS GmbH. The manufacturer CODESYS GmbH published a security bulletin (1) about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, attackers can send crafted communication packets which may result in a denial of service condition or allow in worst case remote code execution.

Affected Products

  • Rexroth IndraLogic <= 04VRS
  • Rexroth IndraMotion MLC <= 04VRS
  • Rexroth IndraMotion MLD <= MPH 17VRS
  • Rexroth IndraMotion MTX >= 02VRS
  • Rexroth IndraMotion MTX <= 12VRS
  • Rexroth SYNAX >= 11VRS
  • Rexroth SYNAX <= 13VRS
  • Rexroth Visual Motion 11VRS

Solution and Mitigations

Use of Security Certified ctrlX CORE

Use of ctrlX CORE as security gateway for protection of the affected products or replace the affected products  with ctrlX Core.

Compensatory Measures

If the solutions in 4.1 are not applicable, compensatory measures are recommended which mitigate the risk.. Always define such compensatory measures individually, in the context of the operational environment. Some measures are described in the “Security Guideline Electric Drives and Controls”, for example the network segmentation (please see (2)). In general, it is mandatory to implement the measures described in the “Security Guideline Electric Drives and Controls”.

Vulnerability Details


CVE description: CODESYS V2 runtime system SP before has a Heap-based Buffer Overflow.


CVE description: CODESYS V2 runtime system before has Improper Input Validation.


CVE description: CODESYS V2 runtime system SP before has a Stack-based Buffer Overflow.


Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: .

Revision History

  • 09 Jul 2021: Initial Publication