Runtime Security Vulnerabilities

CVE-2022-22519

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime...

7.5 CVSS

7.7 AI Score

0.003 EPSS

2022-04-07 07:15 PM

CVE-2022-22513

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-04-07 07:15 PM

CVE-2022-22514

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If...

7.1 CVSS

6.8 AI Score

0.001 EPSS

2022-04-07 07:15 PM

CVE-2022-22517

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2022-04-07 07:15 PM

CVE-2020-25178

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2020-25176

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...

9.8 CVSS

9.8 AI Score

0.008 EPSS

2022-03-18 06:15 PM

CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could...

7.8 CVSS

5.3 AI Score

0.0004 EPSS

2022-03-18 06:15 PM

CVE-2020-25180

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

6.7 CVSS

6.8 AI Score

0.0004 EPSS

2022-03-18 06:15 PM

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2022-03-17 09:15 PM

CVE-2022-21707

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations,.....

8.1 CVSS

7.9 AI Score

0.001 EPSS

2022-01-21 11:15 PM

CVE-2021-23218

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2022-01-10 04:15 PM

CVE-2021-41057

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking...

7.1 CVSS

6.8 AI Score

0.0004 EPSS

2021-11-14 09:15 PM

CVE-2021-34593

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing.....

7.5 CVSS

7.5 AI Score

0.103 EPSS

2021-10-26 10:15 AM

CVE-2021-34595

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory...

8.1 CVSS

7.7 AI Score

0.001 EPSS

2021-10-26 10:15 AM

CVE-2021-34596

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2021-10-26 10:15 AM

CVE-2021-40684

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running.....

9.1 CVSS

9 AI Score

0.002 EPSS

2021-09-22 05:15 PM

CVE-2021-39228

Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using patch or merge on state and assign the result back to state. In this case, affected versions of Tremor and the tremor-script.....

9.8 CVSS

9.7 AI Score

0.003 EPSS

2021-09-17 02:15 PM

CVE-2021-40142

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a...

7.5 CVSS

7.4 AI Score

0.004 EPSS

2021-08-27 07:15 AM

CVE-2021-35940

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same...

7.1 CVSS

7 AI Score

0.001 EPSS

2021-08-23 10:15 AM

CVE-2021-36763

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2021-08-03 04:15 PM

CVE-2021-33486

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2021-08-03 04:15 PM

CVE-2021-33485

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2021-08-03 04:15 PM

CVE-2021-28830

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace,....

8.8 CVSS

7.5 AI Score

0.0004 EPSS

2021-06-29 06:15 PM

CVE-2021-23275

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO...

8.8 CVSS

7.5 AI Score

0.0004 EPSS

2021-06-29 06:15 PM

CVE-2021-30188

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2021-05-25 01:15 PM

CVE-2021-30186

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer...

7.5 CVSS

8 AI Score

0.001 EPSS

2021-05-25 01:15 PM

CVE-2021-30195

CODESYS V2 runtime system before 2.4.7.55 has Improper Input...

7.5 CVSS

8 AI Score

0.001 EPSS

2021-05-25 01:15 PM

CVE-2021-30187

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS...

5.3 CVSS

6.3 AI Score

0.0004 EPSS

2021-05-25 12:15 PM

CVE-2021-25662

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2021-05-12 02:15 PM

CVE-2021-27384

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

9.8 CVSS

9.3 AI Score

0.006 EPSS

2021-05-12 02:15 PM

CVE-2021-27383

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2021-05-12 02:15 PM

CVE-2021-25660

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2021-05-12 02:15 PM

CVE-2021-27385

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

7.5 CVSS

7.3 AI Score

0.004 EPSS

2021-05-12 02:15 PM

CVE-2021-25661

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2021-05-12 02:15 PM

CVE-2021-27386

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2021-05-12 02:15 PM

CVE-2021-29241

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service...

7.5 CVSS

7.8 AI Score

0.002 EPSS

2021-05-03 02:15 PM

CVE-2021-29242

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication...

7.3 CVSS

7.1 AI Score

0.001 EPSS

2021-05-03 02:15 PM

CVE-2021-28827

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver...

9.6 CVSS

8.8 AI Score

0.002 EPSS

2021-04-20 07:15 PM

CVE-2021-29445

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9 CVSS

5.6 AI Score

0.001 EPSS

2021-04-16 10:15 PM

CVE-2021-29446

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9 CVSS

5.6 AI Score

0.001 EPSS

2021-04-16 10:15 PM

CVE-2021-29444

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9 CVSS

5.6 AI Score

0.001 EPSS

2021-04-16 10:15 PM

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then.....

5.9 CVSS

6.5 AI Score

0.005 EPSS

2021-03-25 03:15 PM

CVE-2020-35859

An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory...

9.1 CVSS

8.9 AI Score

0.002 EPSS

2020-12-31 10:15 AM

CVE-2020-7544

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal...

7.8 CVSS

7.7 AI Score

0.0005 EPSS

2020-11-19 10:15 PM

CVE-2020-12510

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for.....

7.3 CVSS

7.1 AI Score

0.0004 EPSS

2020-11-19 06:15 PM

CVE-2020-10746

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update,...

6.1 CVSS

6 AI Score

0.0004 EPSS

2020-10-19 09:15 PM

CVE-2020-11637

A memory leak in the TFTP service in B&R Automation Runtime...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2020-10-15 04:15 PM

CVE-2020-15806

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory...

7.5 CVSS

7.5 AI Score

0.005 EPSS

2020-07-22 07:15 PM

CVE-2020-7592

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2020-07-14 02:15 PM

Total number of security vulnerabilities: 591