Lucene search
K
CodesysPlcwinnt

17 matches found

CVE
CVE
added 2021/10/26 9:55 a.m.85 views

CVE-2021-34593

CVE-2021-34593 affects CODESYS V2 Runtime Toolkit 32‑Bit full and PLCWinNT prior to V2.4.7.56. Unauthenticated crafted invalid requests may trigger several denial‑of‑service conditions, potentially stopping running PLC programs, leaking memory, or blocking additional clients from accessing the PL...

7.5CVSS7.5AI score0.02649EPSS
Web
CVE
CVE
added 2022/06/24 7:46 a.m.85 views

CVE-2022-32136

CVE-2022-32136 affects multiple CODESYS products. A low-privilege remote attacker can craft a request to read an uninitialized pointer, causing a denial-of-service without user interaction. The root cause is dereferencing/uninitialized pointers. Impact is DoS; confidentiality/integrity unaffected...

6.5CVSS6.6AI score0.00951EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.82 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

7.5CVSS7.8AI score0.00951EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.81 views

CVE-2022-31806

CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit, prior to version V2.4.7.57, due to insecure/default password protection not enabled and no prompt to enable at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...

9.8CVSS9.6AI score0.01118EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.77 views

CVE-2022-32139

CVE-2022-32139 affects multiple CODESYS products. An attacker with low privileges can remotely craft a request that triggers an out-of-bounds read, causing a denial-of-service condition without user interaction. The NVD and CVE records describe the impact but do not provide concrete details on af...

6.5CVSS6.5AI score0.00951EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.71 views

CVE-2022-32141

CVE-2022-32141 involves multiple CODESYS products with a buffer over-read caused by insufficient internal buffer read limits when processing a request with an invalid offset. This enables a low-privilege, remote attacker to trigger a denial-of-service condition without user interaction. The avail...

6.5CVSS6.5AI score0.00951EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.69 views

CVE-2022-1965

CVE-2022-1965 concerns multiple CODESYS products with an improper error handling flaw. A low-privilege, remote attacker can craft a network request that is not properly processed by the error handling, potentially causing deletion of the file referenced by that request. No user interaction is req...

8.1CVSS8.2AI score0.00977EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.69 views

CVE-2022-32142

CVE-2022-32142 affects multiple CODESYS products; an attacker with low privileges can craft requests with invalid offsets to trigger an out-of-bounds read/write, causing DoS or local memory overwrite and potentially changing local files. Descriptions consistently state no user interaction is requ...

8.1CVSS7.9AI score0.00977EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.69 views

CVE-2022-32143

In CVE-2022-32143, multiple CODESYS products expose a file upload/download function that can access internal files in the working directory (e.g., PLC firmware). The issue is conditionally exploitable: requests are processed on the controller only if no level-1 password is configured or if the at...

8.8CVSS8.7AI score0.01105EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.66 views

CVE-2022-32137

In CVE-2022-32137, multiple CODESYS products are affected by a heap-based buffer overflow that an unauthenticated, low-privilege remote attacker can trigger by crafting a request. This condition can result in a Denial of Service or a memory overwrite, with no user interaction required. The NVD en...

8.8CVSS8.8AI score0.01292EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.66 views

CVE-2022-32140

CVE-2022-32140 affects multiple CODESYS products and describes a buffer overflow caused by an unchecked size during a buffer copy, allowing a low-privileged, remote attacker to trigger a denial-of-service condition without user interaction. The description indicates an attacker can craft a reques...

6.5CVSS6.6AI score0.00965EPSS
CVE
CVE
added 2021/05/25 12:33 p.m.62 views

CVE-2021-30195

CVE-2021-30195 affects the CODESYS V2 runtime system prior to 2.4.7.55. The vulnerability is caused by Improper Input Validation, leading to an out-of-bounds read that can cause a denial-of-service. Affected components are the CODESYS Runtime Toolkit 32‑bit full and PLCWinNT prior to 2.4.7.55. Mi...

7.5CVSS8AI score0.0718EPSS
CVE
CVE
added 2021/10/26 9:55 a.m.62 views

CVE-2021-34595

The CVE-2021-34595 issue affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. A crafted request with invalid offsets can trigger an out-of-bounds read or write, leading to a denial-of-service condition or local memory overwrite. The issue’s impact is reflected ...

8.1CVSS7.9AI score0.00851EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.60 views

CVE-2022-32138

CVE-2022-32138 affects multiple CODESYS products. A remote attacker can craft a request that triggers an unexpected sign extension, leading to denial-of-service or memory overwrite. The CVSS scores indicate high impact (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Affected detail on exact products, vers...

8.8CVSS8.8AI score0.01105EPSS
CVE
CVE
added 2021/10/26 9:55 a.m.56 views

CVE-2021-34596

CVE-2021-34596 affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before version 2.4.7.56. A crafted request may trigger a read access to an uninitialized pointer, causing a denial-of-service condition. No exploitation details are provided in the documents. Remediation: update to V2.4.7....

6.5CVSS6.2AI score0.00828EPSS
CVE
CVE
added 2019/12/20 12:43 p.m.51 views

CVE-2019-19789

CVE-2019-19789 affects 3S-Smart CODESYS SP Realtime NT before v2.3.7.28, CODESYS Runtime Toolkit 32‑bit full before v2.4.7.54, and CODESYS PLCWinNT before v2.4.7.54. Root cause: NULL pointer dereference. Impact stated in sources includes network access with potential HIGH availability impact (CVS...

6.5CVSS6.5AI score0.01218EPSS
CVE
CVE
added 2021/05/25 12:33 p.m.50 views

CVE-2021-30186

CVE-2021-30186 affects CODESYS V2 runtime system SP prior to 2.4.7.55, where a heap-based buffer overflow is triggered by a crafted request. Public sources describe this as a vulnerability in the CODESYS Runtime Toolkit/PLCWinNT stack, enabling denial-of-service and, per ICS background, potential...

7.5CVSS8AI score0.07356EPSS