#OT #Advisory VDE-2026-018
CODESYS Control V3 - Externally-controlled format string in Auditlog

The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing logic, the impact is limited to a crash of the CODESYS Control runtime.
#CVE CVE-2026-3509

https://certvde.com/en/advisories/vde-2026-018/

#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-03_vde-2026-018.json