Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CodesysRuntime Toolkit

9 matches found

CVE
CVEadded 2019/08/15 5:15 p.m.82 views

CVE-2019-9013

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are...

8.8CVSS8.6AI score0.0018EPSS
CVE
CVEadded 2022/06/24 8:15 a.m.55 views

CVE-2022-32143

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously succ...

8.8CVSS8.7AI score0.01107EPSS
CVE
CVEadded 2022/06/24 8:15 a.m.53 views

CVE-2022-1965

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.

8.1CVSS8.2AI score0.00421EPSS
CVE
CVEadded 2022/06/24 8:15 a.m.53 views

CVE-2022-32137

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.

8.8CVSS8.8AI score0.01408EPSS
CVE
CVEadded 2022/06/24 8:15 a.m.53 views

CVE-2022-32142

Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a chang...

8.1CVSS7.9AI score0.0103EPSS
CVE
CVEadded 2023/03/23 12:15 p.m.52 views

CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

8.8CVSS8.5AI score0.00596EPSS
CVE
CVEadded 2022/06/24 8:15 a.m.45 views

CVE-2022-32138

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.

8.8CVSS8.8AI score0.01181EPSS
CVE
CVEadded 2021/10/26 10:15 a.m.38 views

CVE-2021-34595

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

8.1CVSS7.9AI score0.00473EPSS
CVE
CVEadded 2023/12/05 3:15 p.m.36 views

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

8.8CVSS8.9AI score0.00284EPSS