Lucene search
+L
CodesysDevelopment System

15 matches found

cve
cve
added 2022/04/07 6:21 p.m.139 views

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

7.5CVSS7.8AI score0.01404EPSS
cve
cve
added 2022/04/07 6:21 p.m.103 views

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

7.1CVSS6.9AI score0.00858EPSS
cve
cve
added 2019/08/15 5:47 p.m.102 views

CVE-2019-9012

The CVE-2019-9012 entry describes an issue in 3S-Smart CODESYS V3 products where a crafted communication request may cause uncontrolled memory allocations, enabling a denial-of-service condition. Affected are all variants containing the CmpGateway component in versions prior to 3.5.14.20 (includi...

7.8CVSS7.4AI score0.01752EPSS
cve
cve
added 2022/04/07 6:21 p.m.102 views

CVE-2022-22516

The CVE-2022-22516 entry concerns the SysDrv3S driver in the CODESYS Control runtime system on Windows, where a local attacker can read and write within restricted memory space. The connected records confirm the affected component (SysDrv3S driver) and the underlying issue enabling memory-space a...

7.8CVSS7.5AI score0.00253EPSS
cve
cve
added 2021/08/02 8:33 p.m.94 views

CVE-2021-21864

CVE-2021-21864 affects CODESYS Development System 3.5.16–3.5.17. A file-based input (APStartupCulture) is deserialized via BinaryFormatter in ComponentManager.StartupCultureSettings, enabling arbitrary command execution on exploitation. The TALOS report provides concrete details of the vulnerable...

7.8CVSS7.7AI score0.01727EPSS
cve
cve
added 2022/04/07 6:21 p.m.91 views

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

7.5CVSS7.5AI score0.0127EPSS
cve
cve
added 2021/05/03 1:17 p.m.89 views

CVE-2021-29241

CVE-2021-29241 affects CODESYS Gateway V3 prior to version 3.5.16.70. The vulnerability is a NULL pointer dereference in the CmpGateway component that can lead to a denial-of-service condition. Several sources corroborate the issue and its association with the Gateway V3 product line (3S‑Smart/CO...

7.5CVSS7.8AI score0.01418EPSS
cve
cve
added 2022/07/11 10:40 a.m.89 views

CVE-2022-30791

CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...

7.5CVSS7.5AI score0.0083EPSS
cve
cve
added 2022/06/24 7:46 a.m.85 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

7.5CVSS7.8AI score0.00974EPSS
cve
cve
added 2021/05/04 11:0 a.m.67 views

CVE-2021-29240

CVE-2021-29240 affects the CODESYS Development System Package Manager prior to version 3.5.17.0, which does not verify the validity of packages before installation, enabling potentially malicious packages to be installed. Public sources (NVD, Red Hat advisory) describe this as an insufficient dat...

7.8CVSS8.1AI score0.00936EPSS
cve
cve
added 2021/05/03 1:43 p.m.66 views

CVE-2021-29239

CVE-2021-29239 (CODESYS Development System) affects CODESYS Development System 3 prior to 3.5.17.0. The issue arises when the system displays or executes malicious documents/files embedded in libraries without validating their integrity, enabling a local attacker to cause high-impact outcomes (as...

7.8CVSS7.6AI score0.00179EPSS
cve
cve
added 2022/07/11 10:40 a.m.61 views

CVE-2022-30792

CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...

7.5CVSS7.5AI score0.0083EPSS
cve
cve
added 2019/02/19 9:0 p.m.60 views

CVE-2018-20025

CVE-2018-20025 concerns a weakness in CODESYS V3 products prior to version 3.5.14.0 where insufficiently random values are used, impacting confidentiality and integrity. Public disclosures and multiple advisories (NVD entry and ICS/CISA notes) describe risks in the CODESYS Control runtime, web se...

7.5CVSS7.5AI score0.02556EPSS
cve
cve
added 2023/07/28 7:52 a.m.56 views

CVE-2023-3670

CVE-2023-3670 affects CODESYS Development System versions 3.5.9.0–3.5.17.0 and CODESYS Scripting 4.0.0.0–4.1.0.0. The issue arises from unsafe directory permissions that allow a locally authenticated attacker to place malicious scripts which can be executed by legitimate users, potentially escala...

7.3CVSS7AI score0.00196EPSS
cve
cve
added 2023/08/03 10:55 a.m.55 views

CVE-2023-3662

CVE-2023-3662 affects CODESYS Development System versions 3.5.17.0 through 3.5.19.19 (prior to 3.5.19.20). The vulnerability arises from an Uncontrolled Search Path Element (CWE-427) that allows execution of binaries from the current working directory in the user’s context. Impact, as described i...

7.3CVSS7.1AI score0.00194EPSS