Lucene search
K

8 matches found

CVE
CVE
added 2021/10/26 9:55 a.m.86 views

CVE-2021-34593

CVE-2021-34593 affects CODESYS V2 Runtime Toolkit 32‑Bit full and PLCWinNT prior to V2.4.7.56. Unauthenticated crafted invalid requests may trigger several denial‑of‑service conditions, potentially stopping running PLC programs, leaking memory, or blocking additional clients from accessing the PL...

7.5CVSS7.5AI score0.02649EPSS
Web
CVE
CVE
added 2022/06/24 7:46 a.m.83 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

7.5CVSS7.8AI score0.00951EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.81 views

CVE-2022-31806

CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit, prior to version V2.4.7.57, due to insecure/default password protection not enabled and no prompt to enable at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...

9.8CVSS9.6AI score0.01118EPSS
CVE
CVE
added 2021/05/25 12:33 p.m.62 views

CVE-2021-30195

CVE-2021-30195 affects the CODESYS V2 runtime system prior to 2.4.7.55. The vulnerability is caused by Improper Input Validation, leading to an out-of-bounds read that can cause a denial-of-service. Affected components are the CODESYS Runtime Toolkit 32‑bit full and PLCWinNT prior to 2.4.7.55. Mi...

7.5CVSS8AI score0.0718EPSS
CVE
CVE
added 2021/10/26 9:55 a.m.62 views

CVE-2021-34595

The CVE-2021-34595 issue affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. A crafted request with invalid offsets can trigger an out-of-bounds read or write, leading to a denial-of-service condition or local memory overwrite. The issue’s impact is reflected ...

8.1CVSS7.9AI score0.00851EPSS
CVE
CVE
added 2021/10/26 9:55 a.m.56 views

CVE-2021-34596

CVE-2021-34596 affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before version 2.4.7.56. A crafted request may trigger a read access to an uninitialized pointer, causing a denial-of-service condition. No exploitation details are provided in the documents. Remediation: update to V2.4.7....

6.5CVSS6.2AI score0.00828EPSS
CVE
CVE
added 2019/12/20 12:43 p.m.52 views

CVE-2019-19789

CVE-2019-19789 affects 3S-Smart CODESYS SP Realtime NT before v2.3.7.28, CODESYS Runtime Toolkit 32‑bit full before v2.4.7.54, and CODESYS PLCWinNT before v2.4.7.54. Root cause: NULL pointer dereference. Impact stated in sources includes network access with potential HIGH availability impact (CVS...

6.5CVSS6.5AI score0.01218EPSS
CVE
CVE
added 2021/05/25 12:33 p.m.51 views

CVE-2021-30186

CVE-2021-30186 affects CODESYS V2 runtime system SP prior to 2.4.7.55, where a heap-based buffer overflow is triggered by a crafted request. Public sources describe this as a vulnerability in the CODESYS Runtime Toolkit/PLCWinNT stack, enabling denial-of-service and, per ICS background, potential...

7.5CVSS8AI score0.07356EPSS