18 matches found
CVE-2019-9010
The CVE-2019-9010 issue affects 3S-Smart CODESYS V3 products containing the CmpGateway component, across versions prior to 3.5.14.20 (e.g., BeagleBone, emPC-A/iMX6, IOT2000, Linux, PFC100/200, Raspberry Pi, V3 Runtime Toolkit, Gateway V3, and V3 Development System). Root cause: the CODESYS Gatewa...
CVE-2019-9012
The CVE-2019-9012 entry describes an issue in 3S-Smart CODESYS V3 products where a crafted communication request may cause uncontrolled memory allocations, enabling a denial-of-service condition. Affected are all variants containing the CmpGateway component in versions prior to 3.5.14.20 (includi...
CVE-2022-22514
CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...
CVE-2022-22517
CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...
CVE-2022-22513
CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...
CVE-2021-36764
The CVE-2021-36764 issue affects CODESYS Gateway V3 prior to version 3.5.17.10, where a NULL pointer dereference can be triggered by crafted communication requests, potentially causing a denial-of-service in affected CODESYS products. The connected sources consistently describe this NULL pointer ...
CVE-2022-30791
CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...
CVE-2022-31803
CVE-2022-31803 affects CODESYS Gateway Server V2. An unauthenticated attacker can exhaust TCP connections by sending crafted requests, preventing legitimate clients from establishing new connections (existing connections are left untouched). The vulnerability also involves insufficient password v...
CVE-2021-29241
CVE-2021-29241 affects CODESYS Gateway V3 prior to version 3.5.16.70. The vulnerability is a NULL pointer dereference in the CmpGateway component that can lead to a denial-of-service condition. Several sources corroborate the issue and its association with the Gateway V3 product line (3S‑Smart/CO...
CVE-2022-31805
The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...
CVE-2018-20026
CVE-2018-20026 affects 3S-Smart Software Solutions CODESYS V3 products prior to V3.5.14.0. The issue is improper restriction of the communication channel to intended endpoints (CWE-923), enabling an authenticated remote attacker to influence communications, potentially reading/modifying configura...
CVE-2022-31804
The CVE-2022-31804 vulnerability affects the CODESYS Gateway Server V2 (prior to version 2.3.9.38). It does not verify that the size of a request is within expected limits, allowing an unauthenticated attacker to allocate memory arbitrarily, potentially causing the gateway to crash due to an out-...
CVE-2022-31802
CVE-2022-31802 affects CODESYS Gateway Server V2 prior to 2.3.9.38. The root cause is that only a portion of the specified password is compared to the real gateway password, enabling authentication by a short password fragment. Additional CVEs notes (and the linked advisories) describe related is...
CVE-2021-29242
CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...
CVE-2018-20025
CVE-2018-20025 concerns a weakness in CODESYS V3 products prior to version 3.5.14.0 where insufficiently random values are used, impacting confidentiality and integrity. Public disclosures and multiple advisories (NVD entry and ICS/CISA notes) describe risks in the CODESYS Control runtime, web se...
CVE-2020-7052
CVE-2020-7052 affects CODESYS Control V3, Gateway V3 and HMI V3 before 3.5.15.30. The issue is uncontrolled memory allocation that can lead to a remote denial of service. The connected sources reiterate the same affected products and condition; no explicit patch/version details are provided in th...
CVE-2019-9009
CVE-2019-9009 affects 3S-Smart CODESYS V3 runtime systems prior to 3.5.15.0. A crafted network packet can cause the Control Runtime to crash, enabling a remote denial of service. The issue is associated with CODESYS V3 products containing a communication server, and patches are available in versi...
CVE-2022-30792
CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...