6 matches found
CVE-2021-30190
The CVE-2021-30190 entry covers CODESYS V2 Web-Server prior to version 1.1.9.20 with an Improper Access Control flaw. Public sources (ICSA-21-173-02, CNVD/NVD, 3rd-party advisories) describe that unauthorized remote requests can bypass authentication to read or write values on the PLC via the web...
CVE-2021-30192
CVE-2021-30192 affects CODESYS V2 Web-Server prior to 1.1.9.20. The vulnerability is an Improperly Implemented Security Check (CWE-358) that enables bypass of security protections on the web server, with consequences including the potential to read/write values or upload boot-related files withou...
CVE-2021-30191
CVE-2021-30191 affects the CODESYS V2 Web-Server prior to 1.1.9.20. The root cause is a buffer copy without checking input size, causing a classic stack-based buffer overflow. Impact described in sources includes remote execution of code or denial of service by crashing the web server, with high-...
CVE-2021-30189
The CVE-2021-30189 vulnerability affects CODESYS V2 Web-Server prior to version 1.1.9.20. It is described as a stack-based buffer overflow in the web server component, which in practice could allow an attacker to run arbitrary code or cause a denial-of-service by crashing the service. Public docu...
CVE-2021-30193
CVE-2021-30193 affects CODESYS V2 Web-Server before 1.1.9.20. The vulnerability is an Out-of-bounds Write in the web server component, enabling crafted requests to write to arbitrary memory in the CODESYS Control runtime (potential remote code execution or crash). Affected products include CODESY...
CVE-2021-30194
CVE-2021-30194 applies to CODESYS V2 Web-Server prior to 1.1.9.20, with an Out-of-bounds Read vulnerability in the web server component. Public sources in connected documents confirm affected product/version and impact (read arbitrary memory; potential crash). CODESYS has released version 1.1.9.2...