Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codesys vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-5105
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker ...
Codesys Codesys 3.5.13.2
6.5
CVSSv3
CVE-2022-22518
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
Codesys Control For Beaglebone Sl
Codesys Control For Beckhoff Cx9020
Codesys Control For Empc-a\\/imx6 Sl
Codesys Control For Iot2000 Sl
Codesys Control For Linux Sl
Codesys Control For Pfc100 Sl
Codesys Control For Pfc200 Sl
Codesys Control For Raspberry Pi Sl
Codesys Control For Wago Touch Panels 600 Sl
Codesys Control Runtime System Toolkit
7.3
CVSSv3
CVE-2023-3670
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Codesys Scripting
Codesys Development System
7.5
CVSSv3
CVE-2021-30186
CODESYS V2 runtime system SP prior to 2.4.7.55 has a Heap-based Buffer Overflow.
Codesys Plcwinnt
Codesys Runtime Toolkit
1 Github repository
7.5
CVSSv3
CVE-2021-30195
CODESYS V2 runtime system prior to 2.4.7.55 has Improper Input Validation.
Codesys Plcwinnt
Codesys Runtime Toolkit
7.5
CVSSv3
CVE-2021-34593
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be block...
Codesys Plcwinnt
Codesys Runtime Toolkit
8.1
CVSSv3
CVE-2021-34595
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
Codesys Plcwinnt
Codesys Runtime Toolkit
8.8
CVSSv3
CVE-2022-32137
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.
Codesys Runtime Toolkit
Codesys Plcwinnt
1 Github repository
8.1
CVSSv3
CVE-2022-1965
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
Codesys Runtime Toolkit
Codesys Plcwinnt
9.8
CVSSv3
CVE-2022-31806
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
Codesys Runtime Toolkit
Codesys Plcwinnt
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »