16 matches found
CVE-2019-13548
CVE-2019-13548 affects the CODESYS V3 web server (CmpWebServer) included in CODESYS Control runtimes prior to version 3.5.14.10. The vulnerability is a stack-based buffer overflow triggered by specially crafted HTTP/HTTPS requests, enabling a remote attacker to cause a denial of service and, in s...
CVE-2019-13532
The CVE applies to the CODESYS V3 web server (CmpWebServer) used in multiple CODESYS runtime products. Affected: all versions prior to 3.5.14.10 of the CODESYS V3 web server. Root cause: path traversal via specially crafted HTTP/HTTPS requests that may allow access to files outside the restricted...
CVE-2022-22519
The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...
CVE-2020-10245
CVE-2020-10245 concerns the CODESYS V3 web server (used in CODESYS Control runtime systems) with a heap-based buffer overflow in the web server handling path. Public sources in the connected documents confirm the issue affects CODESYS V3 web server before 3.5.15.40, enabling a remote attacker to ...
CVE-2022-22515
CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...
CVE-2022-22514
CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...
CVE-2022-22517
CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...
CVE-2022-22513
CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...
CVE-2022-30791
CODESYS V3 contains a vulnerability in the CmpBlkDrvTcp component where uncontrolled resource consumption can cause the system to block new TCP connections. Existing connections remain unaffected. This CVE-2022-30791 entry is corroborated by multiple sources (e.g., NVD), but the connected documen...
CVE-2019-18858
CODESYS V3 web server (distributed with CODESYS Control runtime systems) is affected by a heap/buffer overflow before version 3.5.15.20. The issue arises from improper validation in the web server URL handling, allowing remote, unauthenticated attackers to crash or potentially overwrite memory. M...
CVE-2021-33485
The CVE-2021-33485 entry affects CODESYS Control Runtime System prior to version 3.5.17.10, where a heap-based buffer overflow is reported. Public sources consistently describe the vulnerability as a remote condition in the CODESYS Control Runtime, with the NVD metrics indicating network-based ac...
CVE-2020-15806
CVE-2020-15806 affects the CODESYS Control runtime system before 3.5.16.10. The issue is Uncontrolled Memory Allocation, which can cause the runtime to crash and, per linked sources, may lead to a denial of service. Technical details in the connected documents confirm the vulnerable component and...
CVE-2021-29242
CODESYS Control Runtime system prior to version 3.5.17.0 is affected by an input-validation weakness. A remote attacker can send crafted communication packets to change the router’s addressing scheme and may re-route, add, remove or alter low‑level communication packages. This CVE is documented w...
CVE-2021-36763
CVE-2021-36763 affects the CODESYS V3 web server prior to version 3.5.17.10. The vulnerability allows files or directories to be accessible to external parties. According to NVD/Red Hat entries, this is a web-server exposure issue in the CODESYS ecosystem, with CVSS data indicating Confidentialit...
CVE-2018-25048
The CVE-2018-25048 entry refers to a path-traversal vulnerability in the CODESYS runtime system across multiple versions. The vulnerability allows a remote, low-privilege attacker to access and modify all system files and perform a DoS on the device. Public exploitation details are not provided i...
CVE-2022-30792
CVE-2022-30792 concerns CODESYS V3’s CmpChannelServer, where an uncontrolled resource consumption flaw allows an unauthorized attacker to block new communication channel connections. The impact is limited to availability (existing connections remain functional), with CVSS indicating high impact (...