CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

CVE-2022-22515

CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...

CVE-2019-9013

CVE-2019-9013 affects 3S-Smart CODESYS V3 products containing CmpUserMgr; the root cause is that credentials may be transported without TLS protection, enabling credential exposure. Affected are multiple CODESYS V3 runtimes and HMI/SDK components across BeagleBone, emPC-A/iMX6, IOT2000, Linux, PF...

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

CVE-2022-22516

The CVE-2022-22516 entry concerns the SysDrv3S driver in the CODESYS Control runtime system on Windows, where a local attacker can read and write within restricted memory space. The connected records confirm the affected component (SysDrv3S driver) and the underlying issue enabling memory-space a...

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

CVE-2022-22513

CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...

CVE-2018-10612

CVE-2018-10612 affects 3S-Smart Software Solutions GmbH CODESYS Control V3 products containing CmpSecureChannel or CmpUserMgr prior to version 3.5.14.0. Root cause: user access management and online communication encryption are not enabled by default, creating Improper Access Control and allowing...

CVE-2023-37545

CVE-2023-37545 affects multiple Codesys products; after successful user authentication, crafted network requests can make CmpApp read from an invalid address, potentially causing a denial-of-service. No connected documents provide concrete version/product remediation details in this dataset.

CVE-2023-37555

Technical details about CVE-2023-37555 are not publicly available in the provided connected documents. The initial description mentions a possible DoS via CmpAppBP but no vendor/product/version specifics or fixes are given here. Monitor for updates.

CVE-2018-20026

CVE-2018-20026 affects 3S-Smart Software Solutions CODESYS V3 products prior to V3.5.14.0. The issue is improper restriction of the communication channel to intended endpoints (CWE-923), enabling an authenticated remote attacker to influence communications, potentially reading/modifying configura...

CVE-2022-4224

CVE-2022-4224 affects CODESYS v3 in multiple versions. A remote, low-privilege attacker could read/modify system files and OS resources or cause a DoS. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). No concrete remediation details are provided in the supplied documents; ex...

CVE-2021-33485

The CVE-2021-33485 entry affects CODESYS Control Runtime System prior to version 3.5.17.10, where a heap-based buffer overflow is reported. Public sources consistently describe the vulnerability as a remote condition in the CODESYS Control Runtime, with the NVD metrics indicating network-based ac...

CVE-2023-37550

CVE-2023-37550 affects multiple Codesys products; after successful user authentication, crafted network requests can cause the CmpApp component to read from an invalid address, potentially causing a denial-of-service. CVSSv3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). No explicit reme...

CVE-2018-20025

CVE-2018-20025 concerns a weakness in CODESYS V3 products prior to version 3.5.14.0 where insufficiently random values are used, impacting confidentiality and integrity. Public disclosures and multiple advisories (NVD entry and ICS/CISA notes) describe risks in the CODESYS Control runtime, web se...

CVE-2023-37557

CVE-2023-37557 affects multiple Codesys products via the CmpAppBP (and related components) in the Codesys Runtime System. After user authentication, specially crafted remote network requests can cause CmpAppBP to overwrite a heap-based buffer, potentially leading to a denial-of-service condition....

CVE-2021-36763

CVE-2021-36763 affects the CODESYS V3 web server prior to version 3.5.17.10. The vulnerability allows files or directories to be accessible to external parties. According to NVD/Red Hat entries, this is a web-server exposure issue in the CODESYS ecosystem, with CVSS data indicating Confidentialit...

CVE-2023-37558

CVE-2023-37558 affects multiple Codesys products using the CODESYS Runtime System (RTS). After user authentication, specially crafted network requests with inconsistent content can cause the CmpAppForce component to read from an invalid address, potentially enabling a denial-of-service condition....

CVE-2023-37546

The CVE-2023-37546 entry concerns multiple Codesys products (in multiple versions) where, after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. The impact...

CVE-2023-37556

In CVE-2023-37556, multiple Codesys products are affected. After user authentication, specifically crafted network requests with inconsistent content can cause the CmpAppBP component to read from an invalid address, potentially leading to a denial-of-service. The vulnerability is within the Codes...

CVE-2023-37547

CVE-2023-37547 affects multiple Codesys products using the Codesys Runtime System. After successful user authentication, crafted network requests with inconsistent content can cause CmpApp to read from an invalid address, potentially resulting in a denial-of-service. The description also referenc...

CVE-2023-37548

CVE-2023-37548 affects multiple Codesys products; after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. Root cause: improper handling of crafted input in ...

CVE-2023-37551

The CVE-2023-37551 issue affects Codesys products where, after user authentication, crafted requests can use the CmpApp component to download files with arbitrary extensions to the controller, bypassing type filtering and potentially compromising the CODESYS Runtime integrity. The attack paths de...

CVE-2023-37559

CVE-2023-37559 affects multiple Codesys products that use the CODESYS Runtime System. The issue allows an authenticated user to send crafted network requests that cause the CmpAppForce (and related CmpAppBP) components to read from invalid memory addresses, potentially enabling a denial‑of‑servic...

CVE-2023-37552

Technical details for CVE-2023-37552 are not provided in the supplied documents; no specific affected products, root cause, or remediation are present. Monitor for updates from official advisories.

CVE-2023-37554

CVE-2023-37554 concerns multiple Codesys products where, after user authentication, crafted network requests to the CmpAppBP/CmpApp component can cause reads from an invalid address, potentially resulting in denial-of-service. The issue is reported across multiple Codesys versions; it is distinct...

CVE-2022-4046

CVE-2022-4046 – CODESYS Control runtime : Affected multiple versions of the CODESYS Control runtime (as used in ABB drives with CODESYS RTS). The issue is an improper restriction of operations within a memory buffer, enabling a remote attacker with user privileges to gain full access to the devic...

CVE-2023-37549

Technical details about CVE-2023-37549 are not provided in the connected documents. Public info mentions a DoS in Codesys CmpApp after authentication, but specifics (affected versions, exploit paths, or fixes) are not disclosed here. Monitor for updates.

CVE-2023-37553

Technical details for CVE-2023-37553 are not publicly available in the provided documents. Monitoring for updates is advised.

CVE-2025-41738

The CVE-2025-41738 entry describes an unauthenticated remote attacker who can cause the CODESYS Control runtime’s visualization server to access a resource using a pointer of the wrong type, potentially causing a denial-of-service (DoS). Across connected sources (Red Hat, CIRCL, NVD, CVE List, EU...