CVE-2021-33486

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions...

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device...

CVE-2024-41969

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS...

EUVD-2020-4385

Malware in sbrugna...

EUVD-2020-2700

Malware in sbrugna...

EUVD-2019-5003

Malware in sbrugna...

EUVD-2019-18397

Malware in sbrugna...

EUVD-2022-27654

Malicious code in bioql PyPI...

EUVD-2022-52615

Malicious code in bioql PyPI...

EUVD-2024-39347

Malicious code in bioql PyPI...

EUVD-2022-52614

Malicious code in bioql PyPI...

CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type...

CVE-2019-9010

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of...

CVE-2019-13542

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition...

CVE-2019-13532

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller...

CVE-2019-5105

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet...

CVE-2024-41969

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS...

CVE-2024-41969 WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS...

CVE-2024-41969

CVE-2024-41969 affects WAGO devices via a CODESYS V3 configuration service authentication bypass. A low-privilege remote attacker can modify configuration, potentially achieving full system compromise or DoS. Root cause: missing authentication in the CODESYS V3 service. Affected products referenc...

Festo CODESYS V3 Products Use of Password Hash With Insufficient Computational Effort (CVE-2020-12069)

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. This plugin...