Gateway Security Vulnerabilities and Issues — Gateway CVE List

Lucene search

CodesysGateway

13 matches found

CVE•added 2019/08/15 6:15 p.m.•89 views

CVE-2019-9012

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 ...

7.8CVSS7.4AI score0.00283EPSS

CVE•added 2022/04/07 7:15 p.m.•82 views

CVE-2022-22514

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid...

7.1CVSS6.9AI score0.00683EPSS

CVE•added 2022/04/07 7:15 p.m.•75 views

CVE-2022-22517

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

7.5CVSS7.5AI score0.01034EPSS

CVE•added 2021/08/04 2:15 p.m.•68 views

CVE-2021-36764

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

7.5CVSS7.5AI score0.00336EPSS

CVE•added 2022/07/11 11:15 a.m.•66 views

CVE-2022-30791

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

7.5CVSS7.5AI score0.00389EPSS

CVE•added 2022/06/24 8:15 a.m.•66 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

7.5CVSS7.8AI score0.00444EPSS

CVE•added 2021/05/03 2:15 p.m.•65 views

CVE-2021-29241

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

7.5CVSS7.8AI score0.00644EPSS

CVE•added 2022/06/24 8:15 a.m.•57 views

CVE-2022-31804

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

7.5CVSS7.8AI score0.00517EPSS

CVE•added 2021/05/03 2:15 p.m.•51 views

CVE-2021-29242

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

7.5CVSS7.1AI score0.00576EPSS

CVE•added 2019/02/19 9:29 p.m.•50 views

CVE-2018-20026

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

7.5CVSS7.5AI score0.01432EPSS

CVE•added 2019/02/19 9:29 p.m.•44 views

CVE-2018-20025

Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.

7.5CVSS7.5AI score0.01535EPSS

CVE•added 2019/09/17 4:15 p.m.•41 views

CVE-2019-9009

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

7.5CVSS7.4AI score0.00381EPSS

CVE•added 2022/07/11 11:15 a.m.•37 views

CVE-2022-30792

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

7.5CVSS7.5AI score0.00536EPSS