17 matches found
CVE-2021-34593
CVE-2021-34593 affects CODESYS V2 Runtime Toolkit 32‑Bit full and PLCWinNT prior to V2.4.7.56. Unauthenticated crafted invalid requests may trigger several denial‑of‑service conditions, potentially stopping running PLC programs, leaking memory, or blocking additional clients from accessing the PL...
CVE-2022-32136
CVE-2022-32136 affects multiple CODESYS products. A low-privilege remote attacker can craft a request to read an uninitialized pointer, causing a denial-of-service without user interaction. The root cause is the dereferencing of an uninitialized pointer. Impact is DoS; confidentiality/integrity unaffected...
CVE-2022-31805
The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...
CVE-2022-31806
CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit, prior to version V2.4.7.57, due to an insecure default: password protection is not enabled, and there is no prompt to enable it at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...
CVE-2022-32139
CVE-2022-32139 affects multiple CODESYS products. An attacker with low privileges can remotely craft a request that triggers an out-of-bounds read, causing a denial-of-service condition without user interaction. The NVD and CVE records describe the impact but do not provide concrete details on af...
CVE-2022-32141
CVE-2022-32141 involves multiple CODESYS products with a buffer over-read caused by insufficient internal buffer read limits when processing a request with an invalid offset. This enables a low-privilege, remote attacker to trigger a denial-of-service condition without user interaction. The avail...
CVE-2022-1965
CVE-2022-1965 concerns multiple CODESYS products with an improper error handling flaw. A low-privilege, remote attacker can craft a network request that is not properly processed by the error handling, potentially causing deletion of the file referenced by that request. No user interaction is req...
CVE-2022-32142
CVE-2022-32142 affects multiple CODESYS products; an attacker with low privileges can craft requests with invalid offsets to trigger an out-of-bounds read/write, causing DoS or local memory overwrite and potentially changing local files. Descriptions consistently state no user interaction is requ...
CVE-2022-32143
In CVE-2022-32143, multiple CODESYS products expose a file upload/download function that can access internal files in the working directory (e.g., PLC firmware). The issue is conditionally exploitable: requests are processed on the controller only if no level-1 password is configured or if the at...
CVE-2022-32137
In CVE-2022-32137, multiple CODESYS products are affected by a heap-based buffer overflow that an unauthenticated, low-privilege remote attacker can trigger by crafting a request. This condition can result in a Denial of Service or a memory overwrite, with no user interaction required. The NVD en...
CVE-2022-32140
CVE-2022-32140 affects multiple CODESYS products and describes a buffer overflow caused by an unchecked size during a buffer copy, allowing a low-privileged, remote attacker to trigger a denial-of-service condition without user interaction. The description indicates an attacker can craft a reques...
CVE-2021-30195
CVE-2021-30195 affects the CODESYS V2 runtime system prior to 2.4.7.55. The vulnerability is caused by Improper Input Validation, leading to an out-of-bounds read that can cause a denial-of-service. Affected components are the CODESYS Runtime Toolkit 32‑bit full and PLCWinNT prior to 2.4.7.55. Mi...
CVE-2021-34595
The CVE-2021-34595 issue affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. A crafted request with invalid offsets can trigger an out-of-bounds read or write, leading to a denial-of-service condition or local memory overwrite. The issue’s impact is reflected ...
CVE-2022-32138
CVE-2022-32138 affects multiple CODESYS products. A remote attacker can craft a request that triggers an unexpected sign extension, leading to denial-of-service or memory overwrite. The CVSS scores indicate high impact (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Affected detail on exact products, vers...
CVE-2021-34596
CVE-2021-34596 affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before version 2.4.7.56. A crafted request may trigger a read access to an uninitialized pointer, causing a denial-of-service condition. No exploitation details are provided in the documents. Remediation: update to V2.4.7....
CVE-2019-19789
CVE-2019-19789 affects 3S-Smart CODESYS SP Realtime NT before v2.3.7.28, CODESYS Runtime Toolkit 32‑bit full before v2.4.7.54, and CODESYS PLCWinNT before v2.4.7.54. Root cause: NULL pointer dereference. Impact stated in sources includes network access with potential HIGH availability impact (CVS...
CVE-2021-30186
CVE-2021-30186 affects CODESYS V2 runtime system SP prior to 2.4.7.55, where a heap-based buffer overflow is triggered by a crafted request. Public sources describe this as a vulnerability in the CODESYS Runtime Toolkit/PLCWinNT stack, enabling denial-of-service and, per ICS background, potential...