Lucene search

K

23 matches found

CVE
CVE
added 2022/04/07 7:15 p.m.119 views

CVE-2022-22519

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

7.5CVSS7.8AI score0.01306EPSS
CVE
CVE
added 2022/04/07 7:15 p.m.79 views

CVE-2022-22516

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

7.8CVSS7.5AI score0.00038EPSS
CVE
CVE
added 2022/04/07 7:15 p.m.75 views

CVE-2022-22513

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

6.5CVSS6.4AI score0.00548EPSS
CVE
CVE
added 2022/07/11 11:15 a.m.67 views

CVE-2022-30791

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

7.5CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2022/06/24 8:15 a.m.67 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

7.5CVSS7.8AI score0.00444EPSS
CVE
CVE
added 2023/08/03 11:15 a.m.58 views

CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. Th...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.58 views

CVE-2023-37555

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. ...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.53 views

CVE-2023-3669

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

3.3CVSS3.8AI score0.00026EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.52 views

CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. Th...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.51 views

CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

6.5CVSS6.5AI score0.00051EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.46 views

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.45 views

CVE-2023-37546

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. Th...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.45 views

CVE-2023-37556

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. ...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.44 views

CVE-2023-37547

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. Th...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.43 views

CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. Th...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.40 views

CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer,...

6.5CVSS6.6AI score0.00062EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.40 views

CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. ...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.40 views

CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2020/05/14 9:15 p.m.39 views

CVE-2020-12068

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

6.5CVSS6.5AI score0.00242EPSS
CVE
CVE
added 2022/07/11 11:15 a.m.38 views

CVE-2022-30792

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

7.5CVSS7.5AI score0.00536EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.36 views

CVE-2023-37554

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. ...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.35 views

CVE-2023-37549

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. Th...

6.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2023/08/03 12:15 p.m.34 views

CVE-2023-37553

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. ...

6.5CVSS6.3AI score0.0008EPSS