Codesys Codesys

Do you want an email whenever new security vulnerabilities are reported in any Codesys product?

Products by Codesys Sorted by Most Security Vulnerabilities since 2018

Codesys Control For Pfc200 Sl51 vulnerabilities

Codesys Control For Iot2000 Sl51 vulnerabilities

Codesys Control For Pfc100 Sl51 vulnerabilities

Codesys Control For Linux Sl51 vulnerabilities

Codesys Control Win Sl45 vulnerabilities

Codesys Control Rte Sl45 vulnerabilities

Codesys Control For Plcnext Sl41 vulnerabilities

Codesys Development System40 vulnerabilities

Codesys Hmi30 vulnerabilities

Codesys Hmi Sl29 vulnerabilities

Codesys Runtime Toolkit22 vulnerabilities

Codesys Safety Sil220 vulnerabilities

Codesys Development System V318 vulnerabilities

Codesys Gateway18 vulnerabilities

Codesys Plcwinnt17 vulnerabilities

Codesys Safety Sil2 Psp15 vulnerabilities

Codesys Control For Empc Aimx615 vulnerabilities

Codesys Control Rte14 vulnerabilities

Codesys Control For Beaglebone14 vulnerabilities

Codesys Control Win14 vulnerabilities

Codesys Control For Pfc10012 vulnerabilities

Codesys Control For Iot200012 vulnerabilities

Codesys Control For Pfc20012 vulnerabilities

Codesys9 vulnerabilities

Codesys Edge Gateway8 vulnerabilities

Codesys Control For Plcnext8 vulnerabilities

Codesys Control For Linux7 vulnerabilities

Codesys V2 Web Server6 vulnerabilities

Codesys Simulation Runtime6 vulnerabilities

Codesys Opc Server3 vulnerabilities

Codesys Plchandler3 vulnerabilities

Codesys Sp Realtime Nt2 vulnerabilities

Codesys Control2 vulnerabilities

Codesys Linux2 vulnerabilities

Codesys Web Server1 vulnerability

Codesys Visualization1 vulnerability

Codesys Control Win V31 vulnerability

Codesys Targetvisu Sl1 vulnerability

Codesys Eni Server1 vulnerability

Codesys Scripting1 vulnerability

Codesys Automation Server1 vulnerability

Codesys Ethernetip1 vulnerability

Codesys Safety Sil1 vulnerability

Codesys Control Rte V31 vulnerability

Codesys Hmi V31 vulnerability

Codesys Runtime Plcwinnt1 vulnerability

Codesys Runtime1 vulnerability

Codesys Raspberry Pi1 vulnerability

Codesys Profinet1 vulnerability

By the Year

In 2024 there have been 1 vulnerability in Codesys with an average score of 4.4 out of ten. Last year Codesys had 41 security vulnerabilities published. Right now, Codesys is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 3.01

Year Vulnerabilities Average Score
2024 1 4.40
2023 41 7.41
2022 25 7.49
2021 34 8.04
2020 6 7.77
2019 15 8.38
2018 0 0.00

It may take a day or so for new Codesys vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Codesys Security Vulnerabilities

Out-of-Bounds read vulnerability in OSCAT Basic Library

CVE-2024-6876 4.4 - Medium - September 10, 2024

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

Out-of-bounds Read

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands

CVE-2023-6357 8.8 - High - December 05, 2023

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

Shell injection

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer

CVE-2022-4046 8.8 - High - August 03, 2023

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.

Buffer Overflow

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally

CVE-2023-37550 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally

CVE-2023-37549 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally

CVE-2023-37548 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally

CVE-2023-37547 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally

CVE-2023-37546 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally

CVE-2023-37559 6.5 - Medium - August 03, 2023

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally

CVE-2023-37558 6.5 - Medium - August 03, 2023

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer

CVE-2023-37557 6.5 - Medium - August 03, 2023

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

Memory Corruption

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally

CVE-2023-37556 6.5 - Medium - August 03, 2023

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally

CVE-2023-37555 6.5 - Medium - August 03, 2023

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556.

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally

CVE-2023-37554 6.5 - Medium - August 03, 2023

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally

CVE-2023-37553 6.5 - Medium - August 03, 2023

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally

CVE-2023-37552 6.5 - Medium - August 03, 2023

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests

CVE-2023-37551 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

Files or Directories Accessible to External Parties

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20

CVE-2023-3669 3.3 - Low - August 03, 2023

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

Improper Restriction of Excessive Authentication Attempts

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally

CVE-2023-37545 6.5 - Medium - August 03, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might

CVE-2023-3663 8.8 - High - August 03, 2023

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

Improper Verification of Source of a Communication Channel

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability

CVE-2023-3662 7.3 - High - August 03, 2023

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .

DLL preloading

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts

CVE-2023-3670 7.3 - High - July 28, 2023

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

Exposure of Resource to Wrong Sphere

An authenticated

CVE-2022-47393 6.5 - Medium - May 15, 2023

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.

Buffer Overflow

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read

CVE-2022-47392 6.5 - Medium - May 15, 2023

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

Improper Input Validation

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47390 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47389 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47388 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47387 8.8 - High - May 15, 2023

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47386 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47385 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47384 8.8 - High - May 15, 2023

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47383 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47382 8.8 - High - May 15, 2023

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47381 8.8 - High - May 15, 2023

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack

CVE-2022-47380 8.8 - High - May 15, 2023

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory

CVE-2022-47379 8.8 - High - May 15, 2023

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Memory Corruption

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40

CVE-2022-4048 7.7 - High - May 15, 2023

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

Inadequate Encryption Strength

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read

CVE-2022-47391 7.5 - High - May 15, 2023

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Improper Input Validation

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability

CVE-2022-47378 6.5 - Medium - May 15, 2023

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

Improper Input Validation

Improper Input Validation vulnerability in multiple CODESYS V3 products

CVE-2022-22508 4.3 - Medium - May 15, 2023

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

Improper Input Validation

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

CVE-2022-4224 8.8 - High - March 23, 2023

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

Insecure Default Initialization of Resource

The CODESYS runtime system in multiple versions

CVE-2018-25048 8.8 - High - March 23, 2023

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Directory traversal

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr

CVE-2020-12069 7.8 - High - December 26, 2022

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Use of Password Hash With Insufficient Computational Effort

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure

CVE-2022-1989 5.3 - Medium - August 23, 2022

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

Side Channel Attack

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption

CVE-2022-30792 7.5 - High - July 11, 2022

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Resource Exhaustion

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption

CVE-2022-30791 7.5 - High - July 11, 2022

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Resource Exhaustion

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g

CVE-2022-32143 8.8 - High - June 24, 2022

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required

Files or Directories Accessible to External Parties

Multiple CODESYS Products are prone to a out-of bounds read or write access

CVE-2022-32142 8.1 - High - June 24, 2022

Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.

Untrusted pointer offset

Multiple CODESYS Products are prone to a buffer over read

CVE-2022-32141 6.5 - Medium - June 24, 2022

Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.

Out-of-bounds Read

Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request

CVE-2022-32140 6.5 - Medium - June 24, 2022

Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.

Classic Buffer Overflow

In multiple CODESYS products, a low privileged remote attacker may craft a request

CVE-2022-32139 6.5 - Medium - June 24, 2022

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.

Out-of-bounds Read

In multiple CODESYS products, a remote attacker may craft a request

CVE-2022-32138 8.8 - High - June 24, 2022

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.

Unexpected Sign Extension

In multiple CODESYS products, a low privileged remote attacker may craft a request

CVE-2022-32137 8.8 - High - June 24, 2022

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.

Heap-based Buffer Overflow

In multiple CODESYS products, a low privileged remote attacker may craft a request

CVE-2022-32136 6.5 - Medium - June 24, 2022

In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.

Access of Uninitialized Pointer

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits

CVE-2022-31804 7.5 - High - June 24, 2022

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

Stack Exhaustion

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections

CVE-2022-31803 5.3 - Medium - June 24, 2022

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

Resource Exhaustion

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password

CVE-2022-31802 9.8 - Critical - June 24, 2022

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Partial String Comparison

Multiple products of CODESYS implement a improper error handling

CVE-2022-1965 8.1 - High - June 24, 2022

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.

Improper Handling of Exceptional Conditions

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

CVE-2022-31806 9.8 - Critical - June 24, 2022

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

Insecure Default Initialization of Resource

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CVE-2022-31805 7.5 - High - June 24, 2022

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Unprotected Transport of Credentials

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products

CVE-2022-22513 6.5 - Medium - April 07, 2022

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

NULL Pointer Dereference

A remote, unauthenticated attacker

CVE-2022-22519 7.5 - High - April 07, 2022

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Buffer Over-read

A bug in CmpUserMgr component can lead to only partially applied security policies

CVE-2022-22518 6.5 - Medium - April 07, 2022

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

Incorrect Default Permissions

An unauthenticated, remote attacker

CVE-2022-22517 7.5 - High - April 07, 2022

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Use of Insufficiently Random Values

A remote

CVE-2022-22515 8.1 - High - April 07, 2022

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

Exposure of Resource to Wrong Sphere

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request

CVE-2022-22514 7.1 - High - April 07, 2022

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

Untrusted Pointer Dereference

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference

CVE-2022-22510 7.5 - High - February 02, 2022

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

NULL Pointer Dereference

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56

CVE-2021-34596 6.5 - Medium - October 26, 2021

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

Access of Uninitialized Pointer

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56

CVE-2021-34595 8.1 - High - October 26, 2021

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Buffer Overflow

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions

CVE-2021-34593 7.5 - High - October 26, 2021

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Improper Handling of Exceptional Conditions

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

CVE-2021-34586 7.5 - High - October 26, 2021

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

NULL Pointer Dereference

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error

CVE-2021-34585 7.5 - High - October 26, 2021

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Unchecked Return Value

Crafted web server requests

CVE-2021-34584 9.1 - Critical - October 26, 2021

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Buffer Over-read

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVE-2021-34583 7.5 - High - October 26, 2021

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Memory Corruption

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17

CVE-2021-21869 7.8 - High - August 25, 2021

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17

CVE-2021-21868 7.8 - High - August 18, 2021

An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17

CVE-2021-21867 7.8 - High - August 18, 2021

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

A unsafe deserialization vulnerability exists in the ComponentModel Profile.

CVE-2021-21863 7.8 - High - August 05, 2021

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack

CVE-2021-36765 7.5 - High - August 04, 2021

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.

NULL Pointer Dereference

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference

CVE-2021-36764 7.5 - High - August 04, 2021

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

NULL Pointer Dereference

In CODESYS V3 web server before 3.5.17.10

CVE-2021-36763 7.5 - High - August 03, 2021

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

Files or Directories Accessible to External Parties

All versions of the CODESYS V3 Runtime Toolkit for VxWorks

CVE-2021-33486 7.5 - High - August 03, 2021

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.

Improper Handling of Exceptional Conditions

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVE-2021-33485 9.8 - Critical - August 03, 2021

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

Memory Corruption

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17

CVE-2021-21866 7.8 - High - August 02, 2021

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16

CVE-2021-21865 7.8 - High - August 02, 2021

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17

CVE-2021-21864 7.8 - High - August 02, 2021

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Marshaling, Unmarshaling

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

CVE-2021-30194 9.1 - Critical - May 25, 2021

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

Out-of-bounds Read

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

CVE-2021-30193 9.8 - Critical - May 25, 2021

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

Memory Corruption

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

CVE-2021-30195 7.5 - High - May 25, 2021

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

Out-of-bounds Read

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

CVE-2021-30191 7.5 - High - May 25, 2021

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

Classic Buffer Overflow

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

CVE-2021-30190 9.8 - Critical - May 25, 2021

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

Missing Authentication for Critical Function

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

CVE-2021-30189 9.8 - Critical - May 25, 2021

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

Memory Corruption

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

CVE-2021-30188 9.8 - Critical - May 25, 2021

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

Memory Corruption

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

CVE-2021-30186 7.5 - High - May 25, 2021

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Memory Corruption

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

CVE-2021-30192 9.8 - Critical - May 25, 2021

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CVE-2021-30187 5.3 - Medium - May 25, 2021

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

Shell injection

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

CVE-2021-29240 7.8 - High - May 04, 2021

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

CVE-2021-29239 7.8 - High - May 03, 2021

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

Insufficient Verification of Data Authenticity

CODESYS Automation Server before 1.16.0

CVE-2021-29238 8.8 - High - May 03, 2021

CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).

Session Riding

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference

CVE-2021-29241 7.5 - High - May 03, 2021

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

NULL Pointer Dereference

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.