EUVD-2023-41445

Malicious code in bioql PyPI...

EUVD-2023-41444

Malicious code in bioql PyPI...

Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47385)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...

The vulnerability of the CmpAppForce component in CODESYS software products allows a hacker to trigger a service failure.

The vulnerability of the CmpAppForce component in CODESYS software products is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit SDK, a software development environment widely used to program and engineer programmable logic controllers PLCs. Exploitation of the discovered...

The vulnerability of the CmpAppForce component in software products from CODESYS and Schneider Electric allows a hacker to trigger a service failure.

The vulnerability of the CmpAppForce component in CODESYS and Schneider Electric software products is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVE-2023-37558 CODESYS Improper Validation of Consistency within Input in multiple products

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

PT-2023-5006 · 3S Smart Software Solutions · Codesys

Name of the Vulnerable Software and Affected Versions: CODESYS affected versions not specified Description: The issue is related to insufficient input validation in the CmpAppForce component of CODESYS products. This can be exploited by a remote attacker to cause a denial-of-service condition...

The vulnerability of the CmpAppForce component in CODESYS and Schneider Electric software products allows a hacker to execute arbitrary code.

The vulnerability of the CmpAppForce component in CODESYS and Schneider Electric software products relates to the ability to write data beyond the buffer boundaries into memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution...

CVE-2022-47385

CVE-2022-47385 affects CODESYS V3 runtime components (notably CmpAppForce) across multiple products/versions. After authentication, a crafted request can trigger a stack-based out-of-bounds write in CmpAppForce, risking denial-of-service, memory overwrite, or remote code execution. The related EN...

PT-2023-3473 · Schneider Electric +1 · Schneider Electric +1

Name of the Vulnerable Software and Affected Versions: CODESYS products affected versions not specified Schneider Electric products affected versions not specified Description: The issue is related to a stack-based out-of-bounds write vulnerability in the CmpAppForce Component. This vulnerability...