Lucene search
K

30 matches found

CVE
CVE
added 2019/09/13 4:58 p.m.272 views

CVE-2019-13548

CVE-2019-13548 affects the CODESYS V3 web server (CmpWebServer) included in CODESYS Control runtimes prior to version 3.5.14.10. The vulnerability is a stack-based buffer overflow triggered by specially crafted HTTP/HTTPS requests, enabling a remote attacker to cause a denial of service and, in s...

9.8CVSS9.8AI score0.05858EPSS
CVE
CVE
added 2019/09/13 4:58 p.m.261 views

CVE-2019-13532

The CVE applies to the CODESYS V3 web server (CmpWebServer) used in multiple CODESYS runtime products. Affected: all versions prior to 3.5.14.10 of the CODESYS V3 web server. Root cause: path traversal via specially crafted HTTP/HTTPS requests that may allow access to files outside the restricted...

7.5CVSS7.9AI score0.03178EPSS
CVE
CVE
added 2020/03/26 3:45 a.m.121 views

CVE-2020-10245

CVE-2020-10245 concerns the CODESYS V3 web server (used in CODESYS Control runtime systems) with a heap-based buffer overflow in the web server handling path. Public sources in the connected documents confirm the issue affects CODESYS V3 web server before 3.5.15.40, enabling a remote attacker to ...

10CVSS9.5AI score0.02459EPSS
CVE
CVE
added 2022/07/11 10:40 a.m.86 views

CVE-2022-30791

CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...

7.5CVSS7.5AI score0.00763EPSS
CVE
CVE
added 2019/11/20 5:4 p.m.84 views

CVE-2019-18858

CODESYS V3 web server (distributed with CODESYS Control runtime systems) is affected by a heap/buffer overflow before version 3.5.15.20. The issue arises from improper validation in the web server URL handling, allowing remote, unauthenticated attackers to crash or potentially overwrite memory. M...

9.8CVSS9.4AI score0.01961EPSS
CVE
CVE
added 2021/08/03 3:44 p.m.72 views

CVE-2021-33485

The CVE-2021-33485 entry affects CODESYS Control Runtime System prior to version 3.5.17.10, where a heap-based buffer overflow is reported. Public sources consistently describe the vulnerability as a remote condition in the CODESYS Control Runtime, with the NVD metrics indicating network-based ac...

9.8CVSS9.4AI score0.01144EPSS
CVE
CVE
added 2023/08/03 10:59 a.m.70 views

CVE-2023-37545

CVE-2023-37545 affects multiple Codesys products; after successful user authentication, crafted network requests can make CmpApp read from an invalid address, potentially causing a denial-of-service. No connected documents provide concrete version/product remediation details in this dataset.

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:5 a.m.68 views

CVE-2023-37555

Technical details about CVE-2023-37555 are not publicly available in the provided connected documents. The initial description mentions a possible DoS via CmpAppBP but no vendor/product/version specifics or fixes are given here. Monitor for updates.

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2020/07/22 6:14 p.m.66 views

CVE-2020-15806

CVE-2020-15806 affects the CODESYS Control runtime system before 3.5.16.10. The issue is Uncontrolled Memory Allocation, which can cause the runtime to crash and, per linked sources, may lead to a denial of service. Technical details in the connected documents confirm the vulnerable component and...

7.5CVSS7.5AI score0.02047EPSS
CVE
CVE
added 2021/05/03 1:56 p.m.66 views

CVE-2021-29242

CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...

7.5CVSS7.1AI score0.01066EPSS
CVE
CVE
added 2023/08/03 11:3 a.m.62 views

CVE-2023-37550

CVE-2023-37550 affects multiple Codesys products; after successful user authentication, crafted network requests can cause the CmpApp component to read from an invalid address, potentially causing a denial-of-service. CVSSv3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). No explicit reme...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:6 a.m.62 views

CVE-2023-37557

CVE-2023-37557 affects multiple Codesys products via the CmpAppBP (and related components) in the Codesys Runtime System. After user authentication, specially crafted remote network requests can cause CmpAppBP to overwrite a heap-based buffer, potentially leading to a denial-of-service condition....

6.5CVSS6.5AI score0.00519EPSS
CVE
CVE
added 2020/01/24 7:31 p.m.59 views

CVE-2020-7052

CVE-2020-7052 affects CODESYS Control V3, Gateway V3 and HMI V3 before 3.5.15.30. The issue is uncontrolled memory allocation that can lead to a remote denial of service. The connected sources reiterate the same affected products and condition; no explicit patch/version details are provided in th...

6.5CVSS6.4AI score0.01884EPSS
CVE
CVE
added 2019/09/17 1:15 p.m.58 views

CVE-2019-9008

CVE-2019-9008 concerns 3S-Smart CODESYS V3 online user management with the CmpUserMgr component. Affected products (prior to version 3.5.13.0) may suffer Incorrect Permission Assignment for Critical Resource , allowing an authenticated remote attacker to access or manipulate restricted functional...

8.8CVSS8.6AI score0.0186EPSS
CVE
CVE
added 2019/09/17 3:34 p.m.56 views

CVE-2019-9009

CVE-2019-9009 affects 3S-Smart CODESYS V3 runtime systems prior to 3.5.15.0. A crafted network packet can cause the Control Runtime to crash, enabling a remote denial of service. The issue is associated with CODESYS V3 products containing a communication server, and patches are available in versi...

7.5CVSS7.4AI score0.01696EPSS
CVE
CVE
added 2021/08/03 3:49 p.m.56 views

CVE-2021-36763

CVE-2021-36763 affects the CODESYS V3 web server prior to version 3.5.17.10. The vulnerability allows files or directories to be accessible to external parties. According to NVD/Red Hat entries, this is a web-server exposure issue in the CODESYS ecosystem, with CVSS data indicating Confidentialit...

7.5CVSS7.5AI score0.01014EPSS
CVE
CVE
added 2023/03/23 10:45 a.m.55 views

CVE-2018-25048

The CVE-2018-25048 entry refers to a path-traversal vulnerability in the CODESYS runtime system across multiple versions. The vulnerability allows a remote, low-privilege attacker to access and modify all system files and perform a DoS on the device. Public exploitation details are not provided i...

8.8CVSS8.6AI score0.01022EPSS
CVE
CVE
added 2022/07/11 10:40 a.m.55 views

CVE-2022-30792

CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...

7.5CVSS7.5AI score0.00763EPSS
CVE
CVE
added 2023/08/03 11:6 a.m.55 views

CVE-2023-37558

CVE-2023-37558 affects multiple Codesys products using the CODESYS Runtime System (RTS). After user authentication, specially crafted network requests with inconsistent content can cause the CmpAppForce component to read from an invalid address, potentially enabling a denial-of-service condition....

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2020/05/14 8:29 p.m.54 views

CVE-2020-12068

CVE-2020-12068 affects CODESYS Development System prior to 3.5.16.0, with WebVisu and Remote TargetVisu susceptible to privilege escalation. The issue can be exploited remotely over the network with low attack complexity and no authentication required, enabling an attacker to escalate privileges ...

6.5CVSS6.5AI score0.00919EPSS
CVE
CVE
added 2023/08/03 11:0 a.m.54 views

CVE-2023-37546

The CVE-2023-37546 entry concerns multiple Codesys products (in multiple versions) where, after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. The impact...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:5 a.m.54 views

CVE-2023-37556

In CVE-2023-37556, multiple Codesys products are affected. After user authentication, specifically crafted network requests with inconsistent content can cause the CmpAppBP component to read from an invalid address, potentially leading to a denial-of-service. The vulnerability is within the Codes...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:2 a.m.53 views

CVE-2023-37548

CVE-2023-37548 affects multiple Codesys products; after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. Root cause: improper handling of crafted input in ...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:1 a.m.52 views

CVE-2023-37547

CVE-2023-37547 affects multiple Codesys products using the Codesys Runtime System. After successful user authentication, crafted network requests with inconsistent content can cause CmpApp to read from an invalid address, potentially resulting in a denial-of-service. The description also referenc...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:3 a.m.51 views

CVE-2023-37551

The CVE-2023-37551 issue affects Codesys products where, after user authentication, crafted requests can use the CmpApp component to download files with arbitrary extensions to the controller, bypassing type filtering and potentially compromising the CODESYS Runtime integrity. The attack paths de...

6.5CVSS6.6AI score0.00412EPSS
CVE
CVE
added 2023/08/03 11:4 a.m.50 views

CVE-2023-37552

Technical details for CVE-2023-37552 are not provided in the supplied documents; no specific affected products, root cause, or remediation are present. Monitor for updates from official advisories.

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:5 a.m.49 views

CVE-2023-37554

CVE-2023-37554 concerns multiple Codesys products where, after user authentication, crafted network requests to the CmpAppBP/CmpApp component can cause reads from an invalid address, potentially resulting in denial-of-service. The issue is reported across multiple Codesys versions; it is distinct...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:6 a.m.49 views

CVE-2023-37559

CVE-2023-37559 affects multiple Codesys products that use the CODESYS Runtime System. The issue allows an authenticated user to send crafted network requests that cause the CmpAppForce (and related CmpAppBP) components to read from invalid memory addresses, potentially enabling a denial‑of‑servic...

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:2 a.m.43 views

CVE-2023-37549

Technical details about CVE-2023-37549 are not provided in the connected documents. Public info mentions a DoS in Codesys CmpApp after authentication, but specifics (affected versions, exploit paths, or fixes) are not disclosed here. Monitor for updates.

6.5CVSS6.3AI score0.00519EPSS
CVE
CVE
added 2023/08/03 11:4 a.m.43 views

CVE-2023-37553

Technical details for CVE-2023-37553 are not publicly available in the provided documents. Monitoring for updates is advised.

6.5CVSS6.3AI score0.00519EPSS