Filtered by vendor Codesys
Subscribe
Total
125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31805 | 1 Codesys | 10 Development System, Edge Gateway, Gateway and 7 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
| In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | |||||
| CVE-2022-31803 | 1 Codesys | 1 Gateway | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. | |||||
| CVE-2022-32136 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | |||||
| CVE-2022-32141 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. | |||||
| CVE-2022-31804 | 1 Codesys | 1 Gateway | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. | |||||
| CVE-2022-31802 | 1 Codesys | 1 Gateway | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. | |||||
| CVE-2022-22510 | 1 Codesys | 1 Profinet | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. | |||||
| CVE-2021-34585 | 1 Codesys | 1 Codesys | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | |||||
| CVE-2021-34586 | 1 Codesys | 1 Codesys | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | |||||
| CVE-2021-34583 | 1 Codesys | 1 Codesys | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | |||||
| CVE-2021-34584 | 1 Codesys | 1 Codesys | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | |||||
| CVE-2021-34593 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | |||||
| CVE-2021-34596 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | |||||
| CVE-2021-34599 | 1 Codesys | 2 Development System, Git | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack. | |||||
| CVE-2021-34595 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | |||||
| CVE-2021-36764 | 1 Codesys | 1 Gateway | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. | |||||
| CVE-2021-29241 | 1 Codesys | 11 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 8 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | |||||
| CVE-2021-21867 | 1 Codesys | 1 Codesys | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-30188 | 1 Codesys | 1 V2 Runtime System Sp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | |||||
| CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | |||||