CVE-2019-13548

CVE-2019-13548 affects the CODESYS V3 web server (CmpWebServer) included in CODESYS Control runtimes prior to version 3.5.14.10. The vulnerability is a stack-based buffer overflow triggered by specially crafted HTTP/HTTPS requests, enabling a remote attacker to cause a denial of service and, in s...

CVE-2019-13532

The CVE applies to the CODESYS V3 web server (CmpWebServer) used in multiple CODESYS runtime products. Affected: all versions prior to 3.5.14.10 of the CODESYS V3 web server. Root cause: path traversal via specially crafted HTTP/HTTPS requests that may allow access to files outside the restricted...

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

CVE-2020-10245

CVE-2020-10245 concerns the CODESYS V3 web server (used in CODESYS Control runtime systems) with a heap-based buffer overflow in the web server handling path. Public sources in the connected documents confirm the issue affects CODESYS V3 web server before 3.5.15.40, enabling a remote attacker to ...

CVE-2022-22515

CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

CVE-2022-22513

CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...

CVE-2022-30791

CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...

CVE-2021-29241

CVE-2021-29241 affects CODESYS Gateway V3 prior to version 3.5.16.70. The vulnerability is a NULL pointer dereference in the CmpGateway component that can lead to a denial-of-service condition. Several sources corroborate the issue and its association with the Gateway V3 product line (3S‑Smart/CO...

CVE-2019-18858

CODESYS V3 web server (distributed with CODESYS Control runtime systems) is affected by a heap/buffer overflow before version 3.5.15.20. The issue arises from improper validation in the web server URL handling, allowing remote, unauthenticated attackers to crash or potentially overwrite memory. M...

CVE-2022-22518

CVE-2022-22518 describes a bug in the Schneider Electric CmpUserMgr component (as used in CODESYS V3) where a security policy is not fully applied. The underlying cause is an error in CmpUserMgr that can allow enabled, anonymous access to components that are part of the applied security policy. T...

CVE-2022-47392

CVE-2022-47392 affects the CODESYS runtime components CmpApp , CmpAppBP , and CmpAppForce . After successful authentication, specially crafted requests with inconsistent content can cause the components to read from an invalid address, leading to a potential denial-of-service condition. The CVSS ...

CVE-2022-47386

CVE-2022-47386 involves a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS V3. The vulnerability affects multiple CODESYS products/versions and, after authentication, specifically crafted requests can write attacker-controlled data to the stack, potentially causing a denial...

CVE-2023-37545

CVE-2023-37545 affects multiple Codesys products; after successful user authentication, crafted network requests can make CmpApp read from an invalid address, potentially causing a denial-of-service. No connected documents provide concrete version/product remediation details in this dataset.

CVE-2023-37555

Technical details about CVE-2023-37555 are not publicly available in the provided connected documents. The initial description mentions a possible DoS via CmpAppBP but no vendor/product/version specifics or fixes are given here. Monitor for updates.

CVE-2021-29242

CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...

CVE-2020-15806

CVE-2020-15806 affects the CODESYS Control runtime system before 3.5.16.10. The issue is Uncontrolled Memory Allocation, which can cause the runtime to crash and, per linked sources, may lead to a denial of service. Technical details in the connected documents confirm the vulnerable component and...

CVE-2021-33485

The CVE-2021-33485 entry affects CODESYS Control Runtime System prior to version 3.5.17.10, where a heap-based buffer overflow is reported. Public sources consistently describe the vulnerability as a remote condition in the CODESYS Control Runtime, with the NVD metrics indicating network-based ac...

CVE-2022-47378

CVE-2022-47378 affects CODESYS V3 across multiple versions and is due to improper input validation in the communication stack. After successful authentication, specially crafted requests can cause the CmpFiletransfer component to read from an invalid address, potentially leading to a denial-of-se...

CVE-2022-47379

CVE-2022-47379 is a stack-based/out-of-bounds write vulnerability in the CMPapp component across multiple CODESYS V3 products. After authentication, crafted requests can write data to memory, potentially causing denial-of-service, memory overwriting, or remote code execution. Public sources note ...

CVE-2022-47393

CVE-2022-47393 affects Codesys V3 where the CmpFileTransfer component can be abused after authentication via untrusted pointer dereference, potentially causing a denial-of-service. The cited sources assign a CVSS v3.1 base score of 6.5 (vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Affected produ...

CVE-2022-47382

CVE-2022-47382 involves an authenticated remote stack-based out-of-bounds write in the CMP TraceMgr component of CODESYS V3, enabling denial-of-service, memory overwrite, or remote code execution across multiple versions. The ICSA/CISA advisories and related analyses confirm exploitation requires...

CVE-2022-47381

CVE-2022-47381 affects the CMPapp component in CODESYS V3 (stack-based buffer overflow). After authentication, crafted requests can cause the CMPapp to write to memory/stack, enabling DoS, memory overwriting, or remote code execution. Rockwell/CODESYS mitigations: upgrade to CODESYS 3.5.19.2 or n...

CVE-2023-37550

CVE-2023-37550 affects multiple Codesys products; after successful user authentication, crafted network requests can cause the CmpApp component to read from an invalid address, potentially causing a denial-of-service. CVSSv3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). No explicit reme...

CVE-2022-47387

CVE-2022-47387 is a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS V3. After authentication, crafted requests can write to the stack, enabling Denial-of-Service, memory overwriting, or remote code execution. Additional related CVEs (47378–47390, 47392–47393) in the same C...

CVE-2023-37557

CVE-2023-37557 affects multiple Codesys products via the CmpAppBP (and related components) in the Codesys Runtime System. After user authentication, specially crafted remote network requests can cause CmpAppBP to overwrite a heap-based buffer, potentially leading to a denial-of-service condition....

CVE-2020-7052

CVE-2020-7052 affects CODESYS Control V3, Gateway V3 and HMI V3 before 3.5.15.30. The issue is uncontrolled memory allocation that can lead to a remote denial of service. The connected sources reiterate the same affected products and condition; no explicit patch/version details are provided in th...

CVE-2022-47384

CVE-2022-47384 affects CODESYS V3 CMPtraceMgr (and related stack-based overflow variants) across multiple products. After authentication, crafted requests can cause a stack-based out-of-bounds write, enabling denial of service, memory corruption, or remote code execution. Public discussions and a...

CVE-2022-47390

CVE-2022-47390 affects CODESYS V3 CMPTraceMgr (and related Stack-based buffer overflow family in the V3 runtime). After authentication, crafted CMPTraceMgr requests can write to the stack, enabling DoS, memory overwriting, or remote code execution per the connected advisories. Affected releases a...

CVE-2021-36763

CVE-2021-36763 affects the CODESYS V3 web server prior to version 3.5.17.10. The vulnerability allows files or directories to be accessible to external parties. According to NVD/Red Hat entries, this is a web-server exposure issue in the CODESYS ecosystem, with CVSS data indicating Confidentialit...

CVE-2022-47388

CVE-2022-47388 affects CODESYS V3, specifically the CMP TraceMgr component, where an authenticated remote attacker can trigger a stack-based out-of-bounds write to write attacker-controlled data to the stack. This can lead to denial-of-service, memory overwrite, or remote code execution across mu...

CVE-2022-47389

CVE-2022-47389 is a stack-based out-of-bounds write vulnerability in the CMPTraceMgr component of CODESYS V3, exploitable after authentication and capable of causing DoS, memory overwriting, or remote code execution across multiple products/versions. Connected sources corroborate that this family...

CVE-2023-37558

CVE-2023-37558 affects multiple Codesys products using the CODESYS Runtime System (RTS). After user authentication, specially crafted network requests with inconsistent content can cause the CmpAppForce component to read from an invalid address, potentially enabling a denial-of-service condition....

CVE-2022-22508

CVE-2022-22508 affects multiple CODESYS V3 products; root cause is improper input validation. An authenticated remote attacker can block consecutive logins of a specific type (impact is availability loss). The exact affected products, versions, exploit details, and remediation are not specified i...

CVE-2022-47380

CVE-2022-47380 describes a stack-based out-of-bounds write in CMPapp (and related CMP components) within CODESYS V3 across multiple versions. After authentication, crafted requests can write to stack memory, enabling denial-of-service, memory overwriting, or remote code execution. Connected sourc...

CVE-2022-47383

CVE-2022-47383 refers to a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS V3. After authentication, crafted requests can write to the stack, enabling potential denial of service, memory corruption, or remote code execution. Several connected sources corroborate that this ...

CVE-2022-47385

CVE-2022-47385 affects CODESYS V3 runtime components (notably CmpAppForce) across multiple products/versions. After authentication, a crafted request can trigger a stack-based out-of-bounds write in CmpAppForce, risking denial-of-service, memory overwrite, or remote code execution. The related EN...

CVE-2023-37546

The CVE-2023-37546 entry concerns multiple Codesys products (in multiple versions) where, after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. The impact...

CVE-2023-37556

In CVE-2023-37556, multiple Codesys products are affected. After user authentication, specifically crafted network requests with inconsistent content can cause the CmpAppBP component to read from an invalid address, potentially leading to a denial-of-service. The vulnerability is within the Codes...

CVE-2020-12068

CVE-2020-12068 affects CODESYS Development System prior to 3.5.16.0, with WebVisu and Remote TargetVisu susceptible to privilege escalation. The issue can be exploited remotely over the network with low attack complexity and no authentication required, enabling an attacker to escalate privileges ...

CVE-2022-30792

CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...

CVE-2023-37547

CVE-2023-37547 affects multiple Codesys products using the Codesys Runtime System. After successful user authentication, crafted network requests with inconsistent content can cause CmpApp to read from an invalid address, potentially resulting in a denial-of-service. The description also referenc...

CVE-2022-47391

CVE-2022-47391 affects CODESYS V3 runtimes (CMPDevice component) across multiple versions. An unauthenticated, remote attacker can trigger improper input validation to read invalid addresses, causing a denial of service. Microsoft’s and Nessus-related materials corroborate DoS potential in CODESY...

CVE-2023-37548

CVE-2023-37548 affects multiple Codesys products; after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. Root cause: improper handling of crafted input in ...

CVE-2023-37551

The CVE-2023-37551 issue affects Codesys products where, after user authentication, crafted requests can use the CmpApp component to download files with arbitrary extensions to the controller, bypassing type filtering and potentially compromising the CODESYS Runtime integrity. The attack paths de...

CVE-2023-37559

CVE-2023-37559 affects multiple Codesys products that use the CODESYS Runtime System. The issue allows an authenticated user to send crafted network requests that cause the CmpAppForce (and related CmpAppBP) components to read from invalid memory addresses, potentially enabling a denial‑of‑servic...

CVE-2023-37552

Technical details for CVE-2023-37552 are not provided in the supplied documents; no specific affected products, root cause, or remediation are present. Monitor for updates from official advisories.

CVE-2023-37554

CVE-2023-37554 concerns multiple Codesys products where, after user authentication, crafted network requests to the CmpAppBP/CmpApp component can cause reads from an invalid address, potentially resulting in denial-of-service. The issue is reported across multiple Codesys versions; it is distinct...

CVE-2022-4046

CVE-2022-4046 – CODESYS Control runtime : Affected multiple versions of the CODESYS Control runtime (as used in ABB drives with CODESYS RTS). The issue is an improper restriction of operations within a memory buffer, enabling a remote attacker with user privileges to gain full access to the devic...