Lucene search
+L
CodesysRuntime Toolkit

9 matches found

CVE
CVE
added 2019/08/15 4:8 p.m.106 views

CVE-2019-9013

CVE-2019-9013 affects 3S-Smart CODESYS V3 products containing CmpUserMgr; the root cause is that credentials may be transported without TLS protection, enabling credential exposure. Affected are multiple CODESYS V3 runtimes and HMI/SDK components across BeagleBone, emPC-A/iMX6, IOT2000, Linux, PF...

8.8CVSS8.6AI score0.00303EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.73 views

CVE-2022-32142

CVE-2022-32142 affects multiple CODESYS products; an attacker with low privileges can craft requests with invalid offsets to trigger an out-of-bounds read/write, causing DoS or local memory overwrite and potentially changing local files. Descriptions consistently state no user interaction is requ...

8.1CVSS7.9AI score0.01001EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.72 views

CVE-2022-1965

CVE-2022-1965 concerns multiple CODESYS products with an improper error handling flaw. A low-privilege, remote attacker can craft a network request that is not properly processed by the error handling, potentially causing deletion of the file referenced by that request. No user interaction is req...

8.1CVSS8.2AI score0.01001EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.70 views

CVE-2022-32143

In CVE-2022-32143, multiple CODESYS products expose a file upload/download function that can access internal files in the working directory (e.g., PLC firmware). The issue is conditionally exploitable: requests are processed on the controller only if no level-1 password is configured or if the at...

8.8CVSS8.7AI score0.01131EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.68 views

CVE-2022-32137

In CVE-2022-32137, multiple CODESYS products are affected by a heap-based buffer overflow that an unauthenticated, low-privilege remote attacker can trigger by crafting a request. This condition can result in a Denial of Service or a memory overwrite, with no user interaction required. The NVD en...

8.8CVSS8.8AI score0.01323EPSS
CVE
CVE
added 2023/03/23 11:15 a.m.68 views

CVE-2022-4224

CVE-2022-4224 affects CODESYS v3 in multiple versions. A remote, low-privilege attacker could read/modify system files and OS resources or cause a DoS. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). No concrete remediation details are provided in the supplied documents; ex...

8.8CVSS8.5AI score0.00883EPSS
CVE
CVE
added 2021/10/26 9:55 a.m.63 views

CVE-2021-34595

The CVE-2021-34595 issue affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. A crafted request with invalid offsets can trigger an out-of-bounds read or write, leading to a denial-of-service condition or local memory overwrite. The issue’s impact is reflected ...

8.1CVSS7.9AI score0.00851EPSS
CVE
CVE
added 2022/06/24 7:46 a.m.61 views

CVE-2022-32138

CVE-2022-32138 affects multiple CODESYS products. A remote attacker can craft a request that triggers an unexpected sign extension, leading to denial-of-service or memory overwrite. The CVSS scores indicate high impact (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Affected detail on exact products, vers...

8.8CVSS8.8AI score0.01131EPSS
CVE
CVE
added 2023/12/05 2:29 p.m.57 views

CVE-2023-6357

CVE-2023-6357 is described as an OS command injection affecting multiple CODESYS Control products. Affected component is the SysFile/CAA-File system libraries; the root cause is command injection via these libraries. Reported impact is attacker gaining full control of the device; attack vector re...

8.8CVSS8.9AI score0.00958EPSS