Lucene search
+L
CodesysControl Runtime System Toolkit

11 matches found

CVE
CVE
added 2019/09/13 4:58 p.m.264 views

CVE-2019-13532

The CVE applies to the CODESYS V3 web server (CmpWebServer) used in multiple CODESYS runtime products. Affected: all versions prior to 3.5.14.10 of the CODESYS V3 web server. Root cause: path traversal via specially crafted HTTP/HTTPS requests that may allow access to files outside the restricted...

7.5CVSS7.9AI score0.03178EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.140 views

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

7.5CVSS7.8AI score0.01404EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.104 views

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

7.1CVSS6.9AI score0.00858EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.92 views

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

7.5CVSS7.5AI score0.0127EPSS
CVE
CVE
added 2021/05/03 1:17 p.m.91 views

CVE-2021-29241

CVE-2021-29241 affects CODESYS Gateway V3 prior to version 3.5.16.70. The vulnerability is a NULL pointer dereference in the CmpGateway component that can lead to a denial-of-service condition. Several sources corroborate the issue and its association with the Gateway V3 product line (3S‑Smart/CO...

7.5CVSS7.8AI score0.01418EPSS
CVE
CVE
added 2022/07/11 10:40 a.m.90 views

CVE-2022-30791

CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...

7.5CVSS7.5AI score0.0083EPSS
CVE
CVE
added 2020/07/22 6:14 p.m.70 views

CVE-2020-15806

CVE-2020-15806 affects the CODESYS Control runtime system before 3.5.16.10. The issue is Uncontrolled Memory Allocation, which can cause the runtime to crash and, per linked sources, may lead to a denial of service. Technical details in the connected documents confirm the vulnerable component and...

7.5CVSS7.5AI score0.02047EPSS
CVE
CVE
added 2021/05/03 1:56 p.m.68 views

CVE-2021-29242

CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...

7.5CVSS7.1AI score0.01066EPSS
CVE
CVE
added 2021/08/03 3:49 p.m.63 views

CVE-2021-36763

CVE-2021-36763 affects the CODESYS V3 web server prior to version 3.5.17.10. The vulnerability allows files or directories to be accessible to external parties. According to NVD/Red Hat entries, this is a web-server exposure issue in the CODESYS ecosystem, with CVSS data indicating Confidentialit...

7.5CVSS7.5AI score0.01014EPSS
CVE
CVE
added 2022/07/11 10:40 a.m.62 views

CVE-2022-30792

CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...

7.5CVSS7.5AI score0.0083EPSS
CVE
CVE
added 2023/05/15 9:59 a.m.60 views

CVE-2022-47391

CVE-2022-47391 affects CODESYS V3 runtimes (CMPDevice component) across multiple versions. An unauthenticated, remote attacker can trigger improper input validation to read invalid addresses, causing a denial of service. Microsoft’s and Nessus-related materials corroborate DoS potential in CODESY...

7.5CVSS7.5AI score0.01871EPSS