Lucene search
K

7 matches found

CVE
CVE
added 2022/04/07 6:21 p.m.138 views

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

7.5CVSS7.8AI score0.01404EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.103 views

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

7.1CVSS6.9AI score0.00858EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.102 views

CVE-2022-22515

CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...

8.1CVSS7.9AI score0.01066EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.91 views

CVE-2022-22513

CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...

6.5CVSS6.4AI score0.00999EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.90 views

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

7.5CVSS7.5AI score0.0127EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.84 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

7.5CVSS7.8AI score0.00974EPSS
CVE
CVE
added 2023/08/03 12:39 p.m.46 views

CVE-2022-4046

CVE-2022-4046 – CODESYS Control runtime : Affected multiple versions of the CODESYS Control runtime (as used in ABB drives with CODESYS RTS). The issue is an improper restriction of operations within a memory buffer, enabling a remote attacker with user privileges to gain full access to the devic...

8.8CVSS9AI score0.00655EPSS