Lucene search

K

Panels Security Vulnerabilities

cve
cve

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-04 09:15 AM
13
cve
cve

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the...

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
18
cve
cve

CVE-2022-4046

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the...

8.8CVSS

8.8AI Score

0.001EPSS

2023-08-03 01:15 PM
13
cve
cve

CVE-2023-37555

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
15
cve
cve

CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service...

6.5CVSS

6.5AI Score

0.0004EPSS

2023-08-03 12:15 PM
23
cve
cve

CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via...

6.5CVSS

6.6AI Score

0.0005EPSS

2023-08-03 12:15 PM
19
cve
cve

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-08-03 12:15 PM
21
cve
cve

CVE-2023-37553

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
11
cve
cve

CVE-2023-37549

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37556

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
12
cve
cve

CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
21
cve
cve

CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-08-03 12:15 PM
16
cve
cve

CVE-2023-37554

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
13
cve
cve

CVE-2023-37547

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37546

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 11:15 AM
32
cve
cve

CVE-2022-47393

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...

6.5CVSS

7.3AI Score

0.001EPSS

2023-05-15 11:15 AM
25
cve
cve

CVE-2022-47392

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...

6.5CVSS

7.2AI Score

0.001EPSS

2023-05-15 11:15 AM
21
cve
cve

CVE-2022-47388

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47387

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-47390

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
15
cve
cve

CVE-2022-47391

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of...

7.5CVSS

7.8AI Score

0.002EPSS

2023-05-15 10:15 AM
20
cve
cve

CVE-2022-47389

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
18
cve
cve

CVE-2022-47379

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
22
cve
cve

CVE-2022-47382

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
21
cve
cve

CVE-2022-47380

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
18
cve
cve

CVE-2022-47383

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47381

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-47378

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service...

6.5CVSS

6.9AI Score

0.001EPSS

2023-05-15 10:15 AM
26
cve
cve

CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific...

4.3CVSS

4.5AI Score

0.001EPSS

2023-05-15 10:15 AM
23
cve
cve

CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47386

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
27
cve
cve

CVE-2022-47384

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the...

8.8CVSS

8.3AI Score

0.002EPSS

2023-03-23 12:15 PM
27
cve
cve

CVE-2022-40227

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Upd...

7.5CVSS

7.4AI Score

0.002EPSS

2022-10-11 11:15 AM
32
5
cve
cve

CVE-2015-7227

The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit...

6.5AI Score

0.001EPSS

2022-10-03 04:15 PM
22
cve
cve

CVE-2011-4510

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible...

5.7AI Score

0.002EPSS

2022-10-03 04:15 PM
21
cve
cve

CVE-2011-4511

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible...

5.7AI Score

0.002EPSS

2022-10-03 04:15 PM
23
cve
cve

CVE-2011-4508

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication...

6.8AI Score

0.004EPSS

2022-10-03 04:15 PM
32
cve
cve

CVE-2011-4513

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file,...

7.8AI Score

0.009EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2011-4512

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...

6.9AI Score

0.002EPSS

2022-10-03 04:15 PM
22
cve
cve

CVE-2011-4514

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote...

6.6AI Score

0.004EPSS

2022-10-03 04:15 PM
26
cve
cve

CVE-2011-4509

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator...

6.7AI Score

0.004EPSS

2022-10-03 04:15 PM
33
cve
cve

CVE-2022-30791

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not...

7.5CVSS

7.4AI Score

0.001EPSS

2022-07-11 11:15 AM
37
4
cve
cve

CVE-2022-30792

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not...

7.5CVSS

7.4AI Score

0.001EPSS

2022-07-11 11:15 AM
20
2
cve
cve

CVE-2022-22515

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected...

8.1CVSS

8.2AI Score

0.001EPSS

2022-06-01 12:00 AM
59
cve
cve

CVE-2022-22518

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security...

6.5CVSS

6.4AI Score

0.001EPSS

2022-04-07 07:15 PM
45
cve
cve

CVE-2022-22519

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime...

7.5CVSS

7.7AI Score

0.003EPSS

2022-04-07 07:15 PM
99
Total number of security vulnerabilities91