Lucene search
+L
CodesysDevelopment System

9 matches found

CVE
CVE
added 2019/08/15 4:8 p.m.106 views

CVE-2019-9013

CVE-2019-9013 affects 3S-Smart CODESYS V3 products containing CmpUserMgr; the root cause is that credentials may be transported without TLS protection, enabling credential exposure. Affected are multiple CODESYS V3 runtimes and HMI/SDK components across BeagleBone, emPC-A/iMX6, IOT2000, Linux, PF...

8.8CVSS8.6AI score0.00303EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.104 views

CVE-2022-22515

CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...

8.1CVSS7.9AI score0.01066EPSS
CVE
CVE
added 2023/08/03 10:55 a.m.76 views

CVE-2023-3663

CVE-2023-3663 concerns the CODESYS Development System: versions 3.5.11.0–3.5.19.20 suffer a missing integrity check in the HTTP notification content, allowing an unauthenticated remote attacker to manipulate notifications sent by the CODESYS notification server. This can enable MITM-style manipul...

8.8CVSS8.7AI score0.01034EPSS
CVE
CVE
added 2021/08/02 8:33 p.m.71 views

CVE-2021-21865

CVE-2021-21865 affects CODESYS Development System 3.5.16. The vulnerability is in PackageManagement.plugin ExtensionMethods.Clone(), which leverages BinaryFormatter to serialize/deserialize and exposes deserialization of untrusted data, enabling arbitrary command execution on exploitation (as des...

8.8CVSS7.7AI score0.01298EPSS
CVE
CVE
added 2023/03/23 11:15 a.m.70 views

CVE-2022-4224

CVE-2022-4224 affects CODESYS v3 in multiple versions. A remote, low-privilege attacker could read/modify system files and OS resources or cause a DoS. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). No concrete remediation details are provided in the supplied documents; ex...

8.8CVSS8.5AI score0.00883EPSS
CVE
CVE
added 2021/08/02 8:33 p.m.66 views

CVE-2021-21866

CODESYS Development System 3.5.16–3.5.17 contains an unsafe deserialization vulnerability in the ObjectManager.plugin’s ProfileInformation.ProfileData. The issue arises from using BinaryFormatter.Deserialize on untrusted input when loading the profile data (ProfileData property), enabling a craft...

8.8CVSS7.7AI score0.01671EPSS
CVE
CVE
added 2021/08/05 8:0 p.m.62 views

CVE-2021-21863

The TALOS report documents a deserialization vulnerability in CODESYS Development System 3.5.16–3.5.17. The flaw is in ComponentModel.Profile.FromFile(), which deserializes a profile via BinaryFormatter.Deserialize, a known unsafe pattern for untrusted input. This can lead to arbitrary code execu...

8.8CVSS7.7AI score0.01219EPSS
CVE
CVE
added 2026/05/26 6:37 a.m.27 views

CVE-2026-44468

CVE-2026-44468 affects CODESYS Development System. During administrative installation, the process creates a directory with insecure default permissions, allowing a low‑privileged local attacker to modify a temporary file that defines components to be installed. This enables local privilege escal...

8.5CVSS5.9AI score0.00123EPSS
CVE
CVE
added 2026/05/26 6:39 a.m.24 views

CVE-2026-44469

The CVE-2026-44469 entry concerns CODESYS Development System. During administrative installation, installation files are extracted to a temporary directory with incorrect default permissions. A low-privileged local attacker could exploit a TOCTOU race condition within a practical time window to r...

8.5CVSS5.8AI score0.00105EPSS