CVE-2023-37551 CODESYS Files or Directories Accessible to External Parties in CmpApp

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfe...

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device...

CVE-2022-22516

The CVE-2022-22516 entry concerns the SysDrv3S driver in the CODESYS Control runtime system on Windows, where a local attacker can read and write within restricted memory space. The connected records confirm the affected component (SysDrv3S driver) and the underlying issue enabling memory-space a...

PT-2022-15485 · 3S Smart Software Solutions · Codesys Control Runtime System

Name of the Vulnerable Software and Affected Versions: CODESYS Control runtime system affected versions not specified Description: The issue allows any system user to read and write within restricted memory space due to a problem in the SysDrv3S driver. Recommendations: At the moment, there is no...

CVE-2021-36765

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system...