Filtered by vendor Codesys
Total
125 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30192 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | |||||
CVE-2021-29240 | 1 Codesys | 1 Development System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | |||||
CVE-2021-33485 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | |||||
CVE-2021-30189 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | |||||
CVE-2021-21866 | 1 Codesys | 1 Development System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-30190 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | |||||
CVE-2021-21863 | 1 Codesys | 1 Development System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-21868 | 1 Codesys | 1 Codesys | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-33486 | 1 Codesys | 1 Runtime Toolkit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | |||||
CVE-2021-36765 | 1 Codesys | 1 Ethernetip | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system. | |||||
CVE-2021-21869 | 1 Codesys | 1 Codesys | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-30193 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | |||||
CVE-2021-30187 | 1 Codesys | 1 Runtime Toolkit | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | |||||
CVE-2021-30191 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
CODESYS V2 Web-Server before 1.1.9.20 has a Buffer Copy without Checking the Size of the Input. | |||||
CVE-2021-30186 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | |||||
CVE-2021-21864 | 1 Codesys | 1 Development System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-29238 | 1 Codesys | 1 Automation Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | |||||
CVE-2021-30194 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | |||||
CVE-2021-29239 | 1 Codesys | 1 Development System | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | |||||
CVE-2021-21865 | 1 Codesys | 1 Development System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. |