Lucene search
Codesys Development System V3

19 matches found

CVE
added 2019/01/29 4:0 p.m. | 73 views

CVE-2018-10612

CVE-2018-10612 affects 3S-Smart Software Solutions GmbH CODESYS Control V3 products containing CmpSecureChannel or CmpUserMgr prior to version 3.5.14.0. Root cause: user access management and online communication encryption are not enabled by default, creating Improper Access Control and allowing...

CVSS 10 | AI score 9.3 | EPSS 0.00235

CVE
added 2023/05/15 10:1 a.m. | 67 views

CVE-2022-47392

CVE-2022-47392 affects the CODESYS runtime components CmpApp, CmpAppBP, and CmpAppForce. After successful authentication, specially crafted requests with inconsistent content can cause the components to read from an invalid address, leading to a potential denial-of-service condition. The CVSS ...

CVSS 6.5 | AI score 6.9 | EPSS 0.00269

CVE
added 2023/05/15 9:49 a.m. | 66 views

CVE-2022-47386

CVE-2022-47386 involves a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS V3. The vulnerability affects multiple CODESYS products/versions and, after authentication, specifically crafted requests can write attacker-controlled data to the stack, potentially causing a denial...

CVSS 8.8 | AI score 9 | EPSS 0.02033

CVE
added 2019/02/19 9:0 p.m. | 65 views

CVE-2018-20026

CVE-2018-20026 affects 3S-Smart Software Solutions CODESYS V3 products prior to V3.5.14.0. The issue is improper restriction of the communication channel to intended endpoints (CWE-923), enabling an authenticated remote attacker to influence communications, potentially reading/modifying configura...

CVSS 7.5 | AI score 7.5 | EPSS 0.00874

CVE
added 2023/05/15 9:30 a.m. | 63 views

CVE-2022-47378

CVE-2022-47378 affects CODESYS V3 across multiple versions and is due to improper input validation in the communication stack. After successful authentication, specially crafted requests can cause the CmpFiletransfer component to read from an invalid address, potentially leading to a denial-of-se...

CVSS 6.5 | AI score 6.7 | EPSS 0.00349

CVE
added 2023/05/15 9:33 a.m. | 62 views

CVE-2022-47379

CVE-2022-47379 is a stack-based/out-of-bounds write vulnerability in the CMPapp component across multiple CODESYS V3 products. After authentication, crafted requests can write data to memory, potentially causing denial-of-service, memory overwriting, or remote code execution. Public sources note ...

CVSS 8.8 | AI score 9 | EPSS 0.02417

CVE
added 2023/05/15 10:3 a.m. | 61 views

CVE-2022-47393

CVE-2022-47393 affects Codesys V3 where the CmpFileTransfer component can be abused after authentication via untrusted pointer dereference, potentially causing a denial-of-service. The cited sources assign a CVSS v3.1 base score of 6.5 (vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Affected produ...

CVSS 6.5 | AI score 7 | EPSS 0.00445

CVE
added 2023/05/15 9:42 a.m. | 60 views

CVE-2022-47382

CVE-2022-47382 involves an authenticated remote stack-based out-of-bounds write in the CMP TraceMgr component of CODESYS V3, enabling denial-of-service, memory overwrite, or remote code execution across multiple versions. The ICSA/CISA advisories and related analyses confirm exploitation requires...

CVSS 8.8 | AI score 8.9 | EPSS 0.02033

CVE
added 2023/05/15 9:41 a.m. | 59 views

CVE-2022-47381

CVE-2022-47381 affects the CMPapp component in CODESYS V3 (stack-based buffer overflow). After authentication, crafted requests can cause the CMPapp to write to memory/stack, enabling DoS, memory overwriting, or remote code execution. Rockwell/CODESYS mitigations: upgrade to CODESYS 3.5.19.2 or n...

CVSS 8.8 | AI score 8.9 | EPSS 0.02033

CVE
added 2023/05/15 9:54 a.m. | 58 views

CVE-2022-47387

CVE-2022-47387 is a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS V3. After authentication, crafted requests can write to the stack, enabling Denial-of-Service, memory overwriting, or remote code execution. Additional related CVEs (47378–47390, 47392–47393) in the same C...

CVSS 8.8 | AI score 8.9 | EPSS 0.02033

CVE
added 2023/05/15 9:46 a.m. | 57 views

CVE-2022-47384

CVE-2022-47384 affects CODESYS V3 CMPtraceMgr (and related stack-based overflow variants) across multiple products. After authentication, crafted requests can cause a stack-based out-of-bounds write, enabling denial of service, memory corruption, or remote code execution. Public discussions and a...

CVSS 8.8 | AI score 8.9 | EPSS 0.02033

CVE
added 2023/05/15 9:58 a.m. | 57 views

CVE-2022-47390

CVE-2022-47390 affects CODESYS V3 CMPTraceMgr (and related Stack-based buffer overflow family in the V3 runtime). After authentication, crafted CMPTraceMgr requests can write to the stack, enabling DoS, memory overwriting, or remote code execution per the connected advisories. Affected releases a...

CVSS 8.8 | AI score 9 | EPSS 0.02033

CVE
added 2023/05/15 9:56 a.m. | 53 views

CVE-2022-47388

CVE-2022-47388 affects CODESYS V3, specifically the CMP TraceMgr component, where an authenticated remote attacker can trigger a stack-based out-of-bounds write to write attacker-controlled data to the stack. This can lead to denial-of-service, memory overwrite, or remote code execution across mu...

CVSS 8.8 | AI score 9 | EPSS 0.02033

CVE
added 2023/05/15 9:57 a.m. | 53 views

CVE-2022-47389

CVE-2022-47389 is a stack-based out-of-bounds write vulnerability in the CMPTraceMgr component of CODESYS V3, exploitable after authentication and capable of causing DoS, memory overwriting, or remote code execution across multiple products/versions. Connected sources corroborate that this family...

CVSS 8.8 | AI score 9 | EPSS 0.03876

CVE
added 2023/05/15 9:40 a.m. | 52 views

CVE-2022-47380

CVE-2022-47380 describes a stack-based out-of-bounds write in CMPapp (and related CMP components) within CODESYS V3 across multiple versions. After authentication, crafted requests can write to stack memory, enabling denial-of-service, memory overwriting, or remote code execution. Connected sourc...

CVSS 8.8 | AI score 8.9 | EPSS 0.02033

CVE
added 2023/05/15 9:44 a.m. | 52 views

CVE-2022-47383

CVE-2022-47383 refers to a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS V3. After authentication, crafted requests can write to the stack, enabling potential denial of service, memory corruption, or remote code execution. Several connected sources corroborate that this ...

CVSS 8.8 | AI score 9 | EPSS 0.02033

CVE
added 2023/05/15 9:47 a.m. | 52 views

CVE-2022-47385

CVE-2022-47385 affects CODESYS V3 runtime components (notably CmpAppForce) across multiple products/versions. After authentication, a crafted request can trigger a stack-based out-of-bounds write in CmpAppForce, risking denial-of-service, memory overwrite, or remote code execution. The related EN...

CVSS 8.8 | AI score 9 | EPSS 0.02033

CVE
added 2023/05/15 9:59 a.m. | 50 views

CVE-2022-47391

CVE-2022-47391 affects CODESYS V3 runtimes (CMPDevice component) across multiple versions. An unauthenticated, remote attacker can trigger improper input validation to read invalid addresses, causing a denial of service. Microsoft’s and Nessus-related materials corroborate DoS potential in CODESY...

CVSS 7.5 | AI score 7.5 | EPSS 0.00503

CVE
added 2023/05/15 9:23 a.m. | 41 views

CVE-2022-4048

CVE-2022-4048 affects CODESYS Development System V3, prior to 3.5.18.40. The issue is inadequate encryption strength in the runtime/boot code, allowing an unauthenticated local attacker to access and manipulate the encrypted boot application’s code, compromising confidentiality and integrity. Pub...

CVSS 7.7 | AI score 7.6 | EPSS 0.00038