15 matches found
CVE-2022-22519
The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...
CVE-2022-22514
CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...
CVE-2019-9012
The CVE-2019-9012 entry describes an issue in 3S-Smart CODESYS V3 products where a crafted communication request may cause uncontrolled memory allocations, enabling a denial-of-service condition. Affected are all variants containing the CmpGateway component in versions prior to 3.5.14.20 (includi...
CVE-2022-22516
The CVE-2022-22516 entry concerns the SysDrv3S driver in the CODESYS Control runtime system on Windows, where a local attacker can read and write within restricted memory space. The connected records confirm the affected component (SysDrv3S driver) and the underlying issue enabling memory-space a...
CVE-2021-21864
CVE-2021-21864 affects CODESYS Development System 3.5.16–3.5.17. A file-based input (APStartupCulture) is deserialized via BinaryFormatter in ComponentManager.StartupCultureSettings, enabling arbitrary command execution on exploitation. The TALOS report provides concrete details of the vulnerable...
CVE-2022-22517
CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...
CVE-2021-29241
CVE-2021-29241 affects CODESYS Gateway V3 prior to version 3.5.16.70. The vulnerability is a NULL pointer dereference in the CmpGateway component that can lead to a denial-of-service condition. Several sources corroborate the issue and its association with the Gateway V3 product line (3S‑Smart/CO...
CVE-2022-30791
CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...
CVE-2022-31805
The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...
CVE-2021-29240
CVE-2021-29240 affects the CODESYS Development System Package Manager prior to version 3.5.17.0, which does not verify the validity of packages before installation, enabling potentially malicious packages to be installed. Public sources (NVD, Red Hat advisory) describe this as an insufficient dat...
CVE-2021-29239
CVE-2021-29239 (CODESYS Development System) affects CODESYS Development System 3 prior to 3.5.17.0. The issue arises when the system displays or executes malicious documents/files embedded in libraries without validating their integrity, enabling a local attacker to cause high-impact outcomes (as...
CVE-2022-30792
CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...
CVE-2018-20025
CVE-2018-20025 concerns a weakness in CODESYS V3 products prior to version 3.5.14.0 where insufficiently random values are used, impacting confidentiality and integrity. Public disclosures and multiple advisories (NVD entry and ICS/CISA notes) describe risks in the CODESYS Control runtime, web se...
CVE-2023-3670
CVE-2023-3670 affects CODESYS Development System versions 3.5.9.0–3.5.17.0 and CODESYS Scripting 4.0.0.0–4.1.0.0. The issue arises from unsafe directory permissions that allow a locally authenticated attacker to place malicious scripts which can be executed by legitimate users, potentially escala...
CVE-2023-3662
CVE-2023-3662 affects CODESYS Development System versions 3.5.17.0 through 3.5.19.19 (prior to 3.5.19.20). The vulnerability arises from an Uncontrolled Search Path Element (CWE-427) that allows execution of binaries from the current working directory in the user’s context. Impact, as described i...