EUVD-2023-41435

Malicious code in bioql PyPI...

Rockwell Automation LP30/40/50 and BM40 Operator Interface Out-of-Bounds Write (CVE-2022-47379)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC20...

Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47380)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC20...

CVE-2023-37549

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfe...

CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfe...

CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

Design/Logic Flaw

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfe...

CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

CVE-2023-37548 CODESYS: Improper Input Validation in CmpApp component

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

CVE-2023-37546 CODESYS: Improper Input Validation in CmpApp component

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

CVE-2023-37545 CODESYS: Improper Input Validation in CmpApp component

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

CVE-2023-37545 CODESYS: Improper Input Validation in CmpApp component

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

PT-2023-5018 · 3S Smart Software Solutions · Codesys Cmpapp

Name of the Vulnerable Software and Affected Versions: CODESYS CMPapp affected versions not specified Description: The issue is related to insufficient input validation in the CMPapp component of CODESYS software products. This can be exploited by a remote attacker to cause a denial of service...

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS Control is a suite of industrial control program programming software from 3s-smart Software Solutions GmbH 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact...

PT-2023-5015 · 3S Smart Software Solutions · Codesys Cmpapp

Name of the Vulnerable Software and Affected Versions: CODESYS CMPapp affected versions not specified Description: The issue is related to insufficient input validation in the CMPapp component of CODESYS software products. This can be exploited by a remote attacker to cause a denial of service...

PT-2023-5017 · 3S Smart Software Solutions · Codesys Cmpapp

Name of the Vulnerable Software and Affected Versions: CODESYS CMPapp affected versions not specified Description: The issue is related to insufficient input validation in the CMPapp component of CODESYS software products. This can be exploited by a remote attacker to cause a denial of service...