Design/Logic Flaw

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog...

CVE-2023-3663

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server...

CVE-2023-3662

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context...

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

CODESYS Development System Security Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A security vulnerability exists in CODESYS Development System versions prior to 3.5.19.20, which stem...

CODESYS Development System Code Issue Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A code issue vulnerability exists in CODESYS Development System versions 3.5.17.0 through 3.5.19.20,...

CODESYS Development System Data Falsification Issue Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A data forgery vulnerability exists in CODESYS Development System versions 3.5.11.20 through 3.5.19.2...

PT-2023-5668 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions prior to 3.5.19.20 Description: The issue is related to a missing Brute-Force protection in the CODESYS Development System, which allows a local attacker to have unlimited attempts at guessing the password...

PT-2023-25635 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.17.0 through 3.5.19.20 Description: A vulnerability in the CODESYS Development System allows for the execution of binaries from the current working directory in the user's context. Recommendations: For...

CVE-2023-3670

CVE-2023-3670 affects CODESYS Development System versions 3.5.9.0–3.5.17.0 and CODESYS Scripting 4.0.0.0–4.1.0.0. The issue arises from unsafe directory permissions that allow a locally authenticated attacker to place malicious scripts which can be executed by legitimate users, potentially escala...

3s-smart Software Solutions CODESYS Development System 安全漏洞

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for use in the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A security vulnerability exists in the CODESYS Development System that stems from an insecure...

PT-2023-25687 · 3S Smart Software Solutions · Codesys Development System +1

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.9.0 through 3.5.17.0 CODESYS Scripting versions 4.0.0.0 through 4.1.0.0 Description: The issue is related to unsafe directory permissions in the affected software. This could allow an attacker with loca...

The vulnerability of the EnginePlugin plugin of the Application Programming Platform PLC CODESYS Development System allows a perpetrator to execute any command they desire.

The vulnerability of the EnginePlugin plugin of the PLK CODESYS Development System is related to the deserialization of unreliable data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...

The vulnerability of the Project.get_MissingTypes() function in the ObjectManager plugin of the PLK CODESYS Development System application programming interface allows a attacker to execute any command they desire.

The vulnerability of the Project.getMissingTypes function in the ObjectManager plugin of the PLK CODESYS Development System lies in the deserialization of unreliable data. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

The vulnerability of the ComponentModel Profile.FromFile() function in the application programming complex of the PLC CODESYS Development System allows a perpetrator to execute arbitrary commands.

The vulnerability of the ComponentModel Profile.FromFile function in the CODESYS Development System application framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

The vulnerability of the ExtensionMethods.Clone() function in the application programming complex of the CODESYS Development System allows a perpetrator to execute arbitrary commands.

The vulnerability of the ExtensionMethods.Clone function in the application programming complex of the CODESYS Development System is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created...

The vulnerability of the ComponentManager.StartupCultureSettings component of the CODESYS Development System application programming framework allows a attacker to execute arbitrary commands.

The vulnerability of the ComponentManager.StartupCultureSettings component in the CODESYS Development System application development framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVE-2022-4048

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application...

CVE-2022-4048

CVE-2022-4048 affects CODESYS Development System V3, prior to 3.5.18.40. The issue is inadequate encryption strength in the runtime/boot code, allowing an unauthenticated local attacker to access and manipulate the encrypted boot application’s code, compromising confidentiality and integrity. Pub...