An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.