Lucene search
CodesysGateway

18 matches found

CVE
added 2019/08/15 5:44 p.m., 104 views

CVE-2019-9010

The CVE-2019-9010 issue affects 3S-Smart CODESYS V3 products containing the CmpGateway component, across versions prior to 3.5.14.20 (e.g., BeagleBone, emPC-A/iMX6, IOT2000, Linux, PFC100/200, Raspberry Pi, V3 Runtime Toolkit, Gateway V3, and V3 Development System). Root cause: the CODESYS Gatewa...

CVSS 9.8, AI score 9.2, EPSS 0.01919

CVE
added 2019/08/15 5:47 p.m., 101 views

CVE-2019-9012

The CVE-2019-9012 entry describes an issue in 3S-Smart CODESYS V3 products where a crafted communication request may cause uncontrolled memory allocations, enabling a denial-of-service condition. Affected are all variants containing the CmpGateway component in versions prior to 3.5.14.20 (includi...

CVSS 7.8, AI score 7.4, EPSS 0.01752

CVE
added 2022/04/07 6:21 p.m., 98 views

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

CVSS 7.1, AI score 6.9, EPSS 0.00858

CVE
added 2022/04/07 6:21 p.m., 90 views

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

CVSS 7.5, AI score 7.5, EPSS 0.0127

CVE
added 2022/04/07 6:21 p.m., 88 views

CVE-2022-22513

CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...

CVSS 6.5, AI score 6.4, EPSS 0.00999

CVE
added 2021/08/04 1:35 p.m., 86 views

CVE-2021-36764

The CVE-2021-36764 issue affects CODESYS Gateway V3 prior to version 3.5.17.10, where a NULL pointer dereference can be triggered by crafted communication requests, potentially causing a denial-of-service in affected CODESYS products. The connected sources consistently describe this NULL pointer ...

CVSS 7.5, AI score 7.5, EPSS 0.00988

CVE
added 2022/07/11 10:40 a.m., 86 views

CVE-2022-30791

CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...

CVSS 7.5, AI score 7.5, EPSS 0.00763

CVE
added 2022/06/24 7:46 a.m., 86 views

CVE-2022-31803

CVE-2022-31803 affects CODESYS Gateway Server V2. An unauthenticated attacker can exhaust TCP connections by sending crafted requests, preventing legitimate clients from establishing new connections (existing connections are left untouched). The vulnerability also involves insufficient password v...

CVSS 5.3, AI score 5.9, EPSS 0.01026

CVE
added 2021/05/03 1:17 p.m., 85 views

CVE-2021-29241

CVE-2021-29241 affects CODESYS Gateway V3 prior to version 3.5.16.70. The vulnerability is a NULL pointer dereference in the CmpGateway component that can lead to a denial-of-service condition. Several sources corroborate the issue and its association with the Gateway V3 product line (3S‑Smart/CO...

CVSS 7.5, AI score 7.8, EPSS 0.01418

CVE
added 2022/06/24 7:46 a.m., 82 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

CVSS 7.5, AI score 7.8, EPSS 0.00951

CVE
added 2019/02/19 9:00 p.m., 72 views

CVE-2018-20026

CVE-2018-20026 affects 3S-Smart Software Solutions CODESYS V3 products prior to V3.5.14.0. The issue is improper restriction of the communication channel to intended endpoints (CWE-923), enabling an authenticated remote attacker to influence communications, potentially reading/modifying configura...

CVSS 7.5, AI score 7.5, EPSS 0.03042

CVE
added 2022/06/24 7:46 a.m., 69 views

CVE-2022-31804

The CVE-2022-31804 vulnerability affects the CODESYS Gateway Server V2 (prior to version 2.3.9.38). It does not verify that the size of a request is within expected limits, allowing an unauthenticated attacker to allocate memory arbitrarily, potentially causing the gateway to crash due to an out-...

CVSS 7.5, AI score 7.8, EPSS 0.01027

CVE
added 2022/06/24 7:46 a.m., 68 views

CVE-2022-31802

CVE-2022-31802 affects CODESYS Gateway Server V2 prior to 2.3.9.38. The root cause is that only a portion of the specified password is compared to the real gateway password, enabling authentication by a short password fragment. Additional CVE notes (and the linked advisories) describe related is...

CVSS 9.8, AI score 9.8, EPSS 0.01176

CVE
added 2021/05/03 1:56 p.m., 66 views

CVE-2021-29242

CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...

CVSS 7.5, AI score 7.1, EPSS 0.01066

CVE
added 2019/02/19 9:00 p.m., 60 views

CVE-2018-20025

CVE-2018-20025 concerns a weakness in CODESYS V3 products prior to version 3.5.14.0 where insufficiently random values are used, impacting confidentiality and integrity. Public disclosures and multiple advisories (NVD entry and ICS/CISA notes) describe risks in the CODESYS Control runtime, web se...

CVSS 7.5, AI score 7.5, EPSS 0.02556

CVE
added 2020/01/24 7:31 p.m., 59 views

CVE-2020-7052

CVE-2020-7052 affects CODESYS Control V3, Gateway V3 and HMI V3 before 3.5.15.30. The issue is uncontrolled memory allocation that can lead to a remote denial of service. The connected sources reiterate the same affected products and condition; no explicit patch/version details are provided in th...

CVSS 6.5, AI score 6.4, EPSS 0.01884

CVE
added 2019/09/17 3:34 p.m., 56 views

CVE-2019-9009

CVE-2019-9009 affects 3S-Smart CODESYS V3 runtime systems prior to 3.5.15.0. A crafted network packet can cause the Control Runtime to crash, enabling a remote denial of service. The issue is associated with CODESYS V3 products containing a communication server, and patches are available in versi...

CVSS 7.5, AI score 7.4, EPSS 0.01696

CVE
added 2022/07/11 10:40 a.m., 55 views

CVE-2022-30792

CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...

CVSS 7.5, AI score 7.5, EPSS 0.00763