Lucene search
K
CodesysEmbedded Target Visu Toolkit

16 matches found

CVE
CVE
added 2019/09/13 4:58 p.m.272 views

CVE-2019-13548

CVE-2019-13548 affects the CODESYS V3 web server (CmpWebServer) included in CODESYS Control runtimes prior to version 3.5.14.10. The vulnerability is a stack-based buffer overflow triggered by specially crafted HTTP/HTTPS requests, enabling a remote attacker to cause a denial of service and, in s...

9.8CVSS9.8AI score0.05858EPSS
CVE
CVE
added 2019/09/13 4:58 p.m.261 views

CVE-2019-13532

The CVE applies to the CODESYS V3 web server (CmpWebServer) used in multiple CODESYS runtime products. Affected: all versions prior to 3.5.14.10 of the CODESYS V3 web server. Root cause: path traversal via specially crafted HTTP/HTTPS requests that may allow access to files outside the restricted...

7.5CVSS7.9AI score0.03178EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.138 views

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

7.5CVSS7.8AI score0.01404EPSS
CVE
CVE
added 2020/03/26 3:45 a.m.121 views

CVE-2020-10245

CVE-2020-10245 concerns the CODESYS V3 web server (used in CODESYS Control runtime systems) with a heap-based buffer overflow in the web server handling path. Public sources in the connected documents confirm the issue affects CODESYS V3 web server before 3.5.15.40, enabling a remote attacker to ...

10CVSS9.5AI score0.02459EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.102 views

CVE-2022-22515

CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...

8.1CVSS7.9AI score0.01066EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.98 views

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

7.1CVSS6.9AI score0.00858EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.90 views

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

7.5CVSS7.5AI score0.0127EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.88 views

CVE-2022-22513

CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...

6.5CVSS6.4AI score0.00999EPSS
CVE
CVE
added 2022/07/11 10:40 a.m.86 views

CVE-2022-30791

CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...

7.5CVSS7.5AI score0.00763EPSS
CVE
CVE
added 2019/11/20 5:4 p.m.84 views

CVE-2019-18858

CODESYS V3 web server (distributed with CODESYS Control runtime systems) is affected by a heap/buffer overflow before version 3.5.15.20. The issue arises from improper validation in the web server URL handling, allowing remote, unauthenticated attackers to crash or potentially overwrite memory. M...

9.8CVSS9.4AI score0.01961EPSS
CVE
CVE
added 2021/08/03 3:44 p.m.72 views

CVE-2021-33485

The CVE-2021-33485 entry affects CODESYS Control Runtime System prior to version 3.5.17.10, where a heap-based buffer overflow is reported. Public sources consistently describe the vulnerability as a remote condition in the CODESYS Control Runtime, with the NVD metrics indicating network-based ac...

9.8CVSS9.4AI score0.01144EPSS
CVE
CVE
added 2020/07/22 6:14 p.m.66 views

CVE-2020-15806

CVE-2020-15806 affects the CODESYS Control runtime system before 3.5.16.10. The issue is Uncontrolled Memory Allocation, which can cause the runtime to crash and, per linked sources, may lead to a denial of service. Technical details in the connected documents confirm the vulnerable component and...

7.5CVSS7.5AI score0.02047EPSS
CVE
CVE
added 2021/05/03 1:56 p.m.66 views

CVE-2021-29242

CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...

7.5CVSS7.1AI score0.01066EPSS
CVE
CVE
added 2021/08/03 3:49 p.m.57 views

CVE-2021-36763

CVE-2021-36763 affects the CODESYS V3 web server prior to version 3.5.17.10. The vulnerability allows files or directories to be accessible to external parties. According to NVD/Red Hat entries, this is a web-server exposure issue in the CODESYS ecosystem, with CVSS data indicating Confidentialit...

7.5CVSS7.5AI score0.01014EPSS
CVE
CVE
added 2023/03/23 10:45 a.m.55 views

CVE-2018-25048

The CVE-2018-25048 entry refers to a path-traversal vulnerability in the CODESYS runtime system across multiple versions. The vulnerability allows a remote, low-privilege attacker to access and modify all system files and perform a DoS on the device. Public exploitation details are not provided i...

8.8CVSS8.6AI score0.01022EPSS
CVE
CVE
added 2022/07/11 10:40 a.m.55 views

CVE-2022-30792

CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...

7.5CVSS7.5AI score0.00763EPSS