Runtime Toolkit@* Security Vulnerabilities and Issues — Runtime Toolkit@* CVE List

CodesysRuntime Toolkit*

10 matches found

CVE•added 2021/10/26 9:55 a.m.•80 views

CVE-2021-34593

CVE-2021-34593 affects CODESYS V2 Runtime Toolkit 32‑Bit full and PLCWinNT prior to V2.4.7.56. Unauthenticated crafted invalid requests may trigger several denial‑of‑service conditions, potentially stopping running PLC programs, leaking memory, or blocking additional clients from accessing the PL...

7.5CVSS7.5AI score0.02649EPSS

Web

CVE•added 2022/06/24 7:46 a.m.•78 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

7.5CVSS7.8AI score0.00951EPSS

CVE•added 2022/06/24 7:46 a.m.•78 views

CVE-2022-31806

CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit, prior to version V2.4.7.57, due to insecure/default password protection not enabled and no prompt to enable at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...

9.8CVSS9.6AI score0.01118EPSS

CVE•added 2021/05/25 12:33 p.m.•59 views

CVE-2021-30195

CVE-2021-30195 affects the CODESYS V2 runtime system prior to 2.4.7.55. The vulnerability is caused by Improper Input Validation, leading to an out-of-bounds read that can cause a denial-of-service. Affected components are the CODESYS Runtime Toolkit 32‑bit full and PLCWinNT prior to 2.4.7.55. Mi...

7.5CVSS8AI score0.0718EPSS

CVE•added 2021/10/26 9:55 a.m.•58 views

CVE-2021-34595

The CVE-2021-34595 issue affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. A crafted request with invalid offsets can trigger an out-of-bounds read or write, leading to a denial-of-service condition or local memory overwrite. The issue’s impact is reflected ...

8.1CVSS7.9AI score0.00851EPSS

CVE•added 2021/10/26 9:55 a.m.•53 views

CVE-2021-34596

CVE-2021-34596 affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before version 2.4.7.56. A crafted request may trigger a read access to an uninitialized pointer, causing a denial-of-service condition. No exploitation details are provided in the documents. Remediation: update to V2.4.7....

6.5CVSS6.2AI score0.00828EPSS

CVE•added 2023/12/05 2:29 p.m.•50 views

CVE-2023-6357

CVE-2023-6357 is described as an OS command injection affecting multiple CODESYS Control products. Affected component is the SysFile/CAA-File system libraries; the root cause is command injection via these libraries. Reported impact is attacker gaining full control of the device; attack vector re...

8.8CVSS8.9AI score0.00958EPSS

CVE•added 2019/12/20 12:43 p.m.•48 views

CVE-2019-19789

CVE-2019-19789 affects 3S-Smart CODESYS SP Realtime NT before v2.3.7.28, CODESYS Runtime Toolkit 32‑bit full before v2.4.7.54, and CODESYS PLCWinNT before v2.4.7.54. Root cause: NULL pointer dereference. Impact stated in sources includes network access with potential HIGH availability impact (CVS...

6.5CVSS6.5AI score0.01218EPSS

CVE•added 2021/05/25 12:33 p.m.•48 views

CVE-2021-30186

CVE-2021-30186 affects CODESYS V2 runtime system SP prior to 2.4.7.55, where a heap-based buffer overflow is triggered by a crafted request. Public sources describe this as a vulnerability in the CODESYS Runtime Toolkit/PLCWinNT stack, enabling denial-of-service and, per ICS background, potential...

7.5CVSS8AI score0.07356EPSS

CVE•added 2021/05/25 11:47 a.m.•45 views

CVE-2021-30187

Summary: CVE-2021-30187 affects the CODESYS V2 Runtime System SPs prior to 2.4.7.55, enabling an OS command injection via the SysFile library. Affected product/component: CODESYS Control/Runtime Toolkit 32‑bit full SP before 2.4.7.55 (CODESYS V2 Runtime System). Root cause: Improper neutralizatio...

5.3CVSS6.3AI score0.00268EPSS