CVE-2019-9008

An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime...

CVE-2019-19789

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference...

CVE-2019-19789

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference...

Design/Logic Flaw

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash...

CVE-2019-9009

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash...

Design/Logic Flaw

An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime...

CVE-2019-9008

CVE-2019-9008 concerns 3S-Smart CODESYS V3 online user management with the CmpUserMgr component. Affected products (prior to version 3.5.13.0) may suffer Incorrect Permission Assignment for Critical Resource , allowing an authenticated remote attacker to access or manipulate restricted functional...

CVE-2019-9012

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.2...

Design/Logic Flaw

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.2...

CVE-2019-9010

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of...

CVE-2019-9013

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component a...

CVE-2015-6484

CVE-2015-6484 affects 3S-Smart Software Solutions GmbH’s CODESYS Gateway Server up to version 2.3.9.47 (prior to 2.3.9.48). The vulnerability is a NULL pointer dereference triggered by processing certain HTTP requests (GET/POST), which can cause the server process to crash and result in a denial ...

CVE-2015-6482

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted request...

Null pointer dereference

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted request...

CVE-2015-6482

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted request...

CVE-2015-6482

CVE-2015-6482 affects 3S-Smart CODESYS Runtime Toolkit prior to version 2.4.7.48 and CODESYS prior to 2.3.9.48. The vulnerability is a NULL pointer dereference that can be triggered by a crafted request, enabling remote denial of service (application crash). Public sources in the connected set co...

CVE-2015-6460

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode 1 0x3ef or 2 0x3f0...

CVE-2015-6460

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode 1 0x3ef or 2 0x3f0...