CVE-2026-0393— CODESYS Visualization - Insufficiently Protected Credentials
Possible ATT&CK Techniques 1AI
T1528 · Steal Application Access TokenAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODESYS | Visualization | 1.0.0.0< 4.10.0.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0393
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CODESYS Visualization - Insufficiently Protected Credentials
Source: NVD (National Vulnerability Database)
Vulnerability Description
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
CODESYS Visualization 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CODESYS Visualization是德国CODESYS公司的一个功能模块,把程序运行状态变成可视化界面。 CODESYS Visualization存在安全漏洞,该漏洞源于身份验证数据隔离不足,可能导致低权限可视化用户在并发登录操作期间远程暴露凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CODESYS | Visualization | 1.0.0.0 ~ 4.10.0.0 | - |
II. Public POCs for CVE-2026-0393
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0393
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-0393 (1)
IV. Related Vulnerabilities
Same vendor: CODESYS
- CVE-2026-8047
Out-of-bounds Write in CODESYS Control - CVE-2026-8046
Incorrect Authorization in CODESYS Control - CVE-2026-44469
Incorrect Default Permissions in CODESYS Development System - CVE-2026-44468
Incorrect Default Permissions in CODESYS Development System - CVE-2026-35227
Improper resource management in CODESYS Modbus TCP Server
Same weakness: CWE-522
- CVE-2024-47271
Synology Surveillance Station 凭证保护不足漏洞 - CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics - Insuf - CVE-2026-9395
Besen BS20 EV Charging Station BLE/UDP insufficiently protec - CVE-2026-6345
Prevent password disclosure and force reset during Slack imp - CVE-2025-62312
HCL AION is affected by a vulnerability where basic authoriz
V. Comments for CVE-2026-0393
No comments yet