20 matches found
CVE-2018-20026
CVE-2018-20026 affects 3S-Smart Software Solutions CODESYS V3 products prior to V3.5.14.0. The issue is improper restriction of the communication channel to intended endpoints (CWE-923), enabling an authenticated remote attacker to influence communications, potentially reading/modifying configura...
CVE-2023-37545
CVE-2023-37545 affects multiple Codesys products; after successful user authentication, crafted network requests can make CmpApp read from an invalid address, potentially causing a denial-of-service. No connected documents provide concrete version/product remediation details in this dataset.
CVE-2023-37555
Technical details about CVE-2023-37555 are not publicly available in the provided connected documents. The initial description mentions a possible DoS via CmpAppBP but no vendor/product/version specifics or fixes are given here. Monitor for updates.
CVE-2022-4224
CVE-2022-4224 affects CODESYS v3 in multiple versions. A remote, low-privilege attacker could read/modify system files and OS resources or cause a DoS. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). No concrete remediation details are provided in the supplied documents; ex...
CVE-2023-37550
CVE-2023-37550 affects multiple Codesys products; after successful user authentication, crafted network requests can cause the CmpApp component to read from an invalid address, potentially causing a denial-of-service. CVSSv3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). No explicit reme...
CVE-2023-37557
CVE-2023-37557 affects multiple Codesys products via the CmpAppBP (and related components) in the Codesys Runtime System. After user authentication, specially crafted remote network requests can cause CmpAppBP to overwrite a heap-based buffer, potentially leading to a denial-of-service condition....
CVE-2018-20025
CVE-2018-20025 concerns a weakness in CODESYS V3 products prior to version 3.5.14.0 where insufficiently random values are used, impacting confidentiality and integrity. Public disclosures and multiple advisories (NVD entry and ICS/CISA notes) describe risks in the CODESYS Control runtime, web se...
CVE-2020-7052
CVE-2020-7052 affects CODESYS Control V3, Gateway V3 and HMI V3 before 3.5.15.30. The issue is uncontrolled memory allocation that can lead to a remote denial of service. The connected sources reiterate the same affected products and condition; no explicit patch/version details are provided in th...
CVE-2019-9009
CVE-2019-9009 affects 3S-Smart CODESYS V3 runtime systems prior to 3.5.15.0. A crafted network packet can cause the Control Runtime to crash, enabling a remote denial of service. The issue is associated with CODESYS V3 products containing a communication server, and patches are available in versi...
CVE-2023-37556
In CVE-2023-37556, multiple Codesys products are affected. After user authentication, specifically crafted network requests with inconsistent content can cause the CmpAppBP component to read from an invalid address, potentially leading to a denial-of-service. The vulnerability is within the Codes...
CVE-2023-37558
CVE-2023-37558 affects multiple Codesys products using the CODESYS Runtime System (RTS). After user authentication, specially crafted network requests with inconsistent content can cause the CmpAppForce component to read from an invalid address, potentially enabling a denial-of-service condition....
CVE-2023-37546
The CVE-2023-37546 entry concerns multiple Codesys products (in multiple versions) where, after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. The impact...
CVE-2023-37547
CVE-2023-37547 affects multiple Codesys products using the Codesys Runtime System. After successful user authentication, crafted network requests with inconsistent content can cause CmpApp to read from an invalid address, potentially resulting in a denial-of-service. The description also referenc...
CVE-2023-37548
CVE-2023-37548 affects multiple Codesys products; after successful user authentication, crafted network requests with inconsistent content can cause the CmpApp component to read from an invalid address, potentially leading to a denial-of-service. Root cause: improper handling of crafted input in ...
CVE-2023-37551
The CVE-2023-37551 issue affects Codesys products where, after user authentication, crafted requests can use the CmpApp component to download files with arbitrary extensions to the controller, bypassing type filtering and potentially compromising the CODESYS Runtime integrity. The attack paths de...
CVE-2023-37552
Technical details for CVE-2023-37552 are not provided in the supplied documents; no specific affected products, root cause, or remediation are present. Monitor for updates from official advisories.
CVE-2023-37554
CVE-2023-37554 concerns multiple Codesys products where, after user authentication, crafted network requests to the CmpAppBP/CmpApp component can cause reads from an invalid address, potentially resulting in denial-of-service. The issue is reported across multiple Codesys versions; it is distinct...
CVE-2023-37559
CVE-2023-37559 affects multiple Codesys products that use the CODESYS Runtime System. The issue allows an authenticated user to send crafted network requests that cause the CmpAppForce (and related CmpAppBP) components to read from invalid memory addresses, potentially enabling a denial‑of‑servic...
CVE-2023-37549
Technical details about CVE-2023-37549 are not provided in the connected documents. Public info mentions a DoS in Codesys CmpApp after authentication, but specifics (affected versions, exploit paths, or fixes) are not disclosed here. Monitor for updates.
CVE-2023-37553
Technical details for CVE-2023-37553 are not publicly available in the provided documents. Monitoring for updates is advised.