9 matches found
CVE-2019-9013
CVE-2019-9013 affects 3S-Smart CODESYS V3 products containing CmpUserMgr; the root cause is that credentials may be transported without TLS protection, enabling credential exposure. Affected are multiple CODESYS V3 runtimes and HMI/SDK components across BeagleBone, emPC-A/iMX6, IOT2000, Linux, PF...
CVE-2022-32142
CVE-2022-32142 affects multiple CODESYS products; an attacker with low privileges can craft requests with invalid offsets to trigger an out-of-bounds read/write, causing DoS or local memory overwrite and potentially changing local files. Descriptions consistently state no user interaction is requ...
CVE-2022-1965
CVE-2022-1965 concerns multiple CODESYS products with an improper error handling flaw. A low-privilege, remote attacker can craft a network request that is not properly processed by the error handling, potentially causing deletion of the file referenced by that request. No user interaction is req...
CVE-2022-32143
In CVE-2022-32143, multiple CODESYS products expose a file upload/download function that can access internal files in the working directory (e.g., PLC firmware). The issue is conditionally exploitable: requests are processed on the controller only if no level-1 password is configured or if the at...
CVE-2022-32137
In CVE-2022-32137, multiple CODESYS products are affected by a heap-based buffer overflow that an unauthenticated, low-privilege remote attacker can trigger by crafting a request. This condition can result in a Denial of Service or a memory overwrite, with no user interaction required. The NVD en...
CVE-2022-4224
CVE-2022-4224 affects CODESYS v3 in multiple versions. A remote, low-privilege attacker could read/modify system files and OS resources or cause a DoS. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). No concrete remediation details are provided in the supplied documents; ex...
CVE-2021-34595
The CVE-2021-34595 issue affects CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. A crafted request with invalid offsets can trigger an out-of-bounds read or write, leading to a denial-of-service condition or local memory overwrite. The issue’s impact is reflected ...
CVE-2022-32138
CVE-2022-32138 affects multiple CODESYS products. A remote attacker can craft a request that triggers an unexpected sign extension, leading to denial-of-service or memory overwrite. The CVSS scores indicate high impact (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Affected detail on exact products, vers...
CVE-2023-6357
CVE-2023-6357 is described as an OS command injection affecting multiple CODESYS Control products. Affected component is the SysFile/CAA-File system libraries; the root cause is command injection via these libraries. Reported impact is attacker gaining full control of the device; attack vector re...