Codesys
Products by Codesys Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 1 vulnerability in Codesys with an average score of 4.4 out of ten. Last year Codesys had 41 security vulnerabilities published. Right now, Codesys is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 3.01
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 4.40 |
2023 | 41 | 7.41 |
2022 | 25 | 7.49 |
2021 | 34 | 8.04 |
2020 | 6 | 7.77 |
2019 | 15 | 8.38 |
2018 | 0 | 0.00 |
It may take a day or so for new Codesys vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Codesys Security Vulnerabilities
Out-of-Bounds read vulnerability in OSCAT Basic Library
CVE-2024-6876
4.4 - Medium
- September 10, 2024
Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.
Out-of-bounds Read
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands
CVE-2023-6357
8.8 - High
- December 05, 2023
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
Shell injection
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer
CVE-2022-4046
8.8 - High
- August 03, 2023
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
Buffer Overflow
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally
CVE-2023-37550
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally
CVE-2023-37549
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally
CVE-2023-37548
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally
CVE-2023-37547
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally
CVE-2023-37546
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally
CVE-2023-37559
6.5 - Medium
- August 03, 2023
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally
CVE-2023-37558
6.5 - Medium
- August 03, 2023
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer
CVE-2023-37557
6.5 - Medium
- August 03, 2023
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
Memory Corruption
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally
CVE-2023-37556
6.5 - Medium
- August 03, 2023
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally
CVE-2023-37555
6.5 - Medium
- August 03, 2023
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556.
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally
CVE-2023-37554
6.5 - Medium
- August 03, 2023
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally
CVE-2023-37553
6.5 - Medium
- August 03, 2023
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally
CVE-2023-37552
6.5 - Medium
- August 03, 2023
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests
CVE-2023-37551
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.
Files or Directories Accessible to External Parties
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20
CVE-2023-3669
3.3 - Low
- August 03, 2023
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
Improper Restriction of Excessive Authentication Attempts
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally
CVE-2023-37545
6.5 - Medium
- August 03, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might
CVE-2023-3663
8.8 - High
- August 03, 2023
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.
Improper Verification of Source of a Communication Channel
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability
CVE-2023-3662
7.3 - High
- August 03, 2023
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .
DLL preloading
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts
CVE-2023-3670
7.3 - High
- July 28, 2023
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Exposure of Resource to Wrong Sphere
An authenticated
CVE-2022-47393
6.5 - Medium
- May 15, 2023
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
Buffer Overflow
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read
CVE-2022-47392
6.5 - Medium
- May 15, 2023
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
Improper Input Validation
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47390
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47389
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47388
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47387
8.8 - High
- May 15, 2023
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47386
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47385
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47384
8.8 - High
- May 15, 2023
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47383
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47382
8.8 - High
- May 15, 2023
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47381
8.8 - High
- May 15, 2023
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack
CVE-2022-47380
8.8 - High
- May 15, 2023
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory
CVE-2022-47379
8.8 - High
- May 15, 2023
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Memory Corruption
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40
CVE-2022-4048
7.7 - High
- May 15, 2023
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.
Inadequate Encryption Strength
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read
CVE-2022-47391
7.5 - High
- May 15, 2023
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
Improper Input Validation
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability
CVE-2022-47378
6.5 - Medium
- May 15, 2023
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
Improper Input Validation
Improper Input Validation vulnerability in multiple CODESYS V3 products
CVE-2022-22508
4.3 - Medium
- May 15, 2023
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
Improper Input Validation
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
CVE-2022-4224
8.8 - High
- March 23, 2023
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
Insecure Default Initialization of Resource
The CODESYS runtime system in multiple versions
CVE-2018-25048
8.8 - High
- March 23, 2023
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
Directory traversal
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr
CVE-2020-12069
7.8 - High
- December 26, 2022
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
Use of Password Hash With Insufficient Computational Effort
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure
CVE-2022-1989
5.3 - Medium
- August 23, 2022
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
Side Channel Attack
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption
CVE-2022-30792
7.5 - High
- July 11, 2022
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Resource Exhaustion
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption
CVE-2022-30791
7.5 - High
- July 11, 2022
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Resource Exhaustion
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g
CVE-2022-32143
8.8 - High
- June 24, 2022
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required
Files or Directories Accessible to External Parties
Multiple CODESYS Products are prone to a out-of bounds read or write access
CVE-2022-32142
8.1 - High
- June 24, 2022
Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.
Untrusted pointer offset
Multiple CODESYS Products are prone to a buffer over read
CVE-2022-32141
6.5 - Medium
- June 24, 2022
Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.
Out-of-bounds Read
Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request
CVE-2022-32140
6.5 - Medium
- June 24, 2022
Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.
Classic Buffer Overflow
In multiple CODESYS products, a low privileged remote attacker may craft a request
CVE-2022-32139
6.5 - Medium
- June 24, 2022
In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.
Out-of-bounds Read
In multiple CODESYS products, a remote attacker may craft a request
CVE-2022-32138
8.8 - High
- June 24, 2022
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.
Unexpected Sign Extension
In multiple CODESYS products, a low privileged remote attacker may craft a request
CVE-2022-32137
8.8 - High
- June 24, 2022
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.
Heap-based Buffer Overflow
In multiple CODESYS products, a low privileged remote attacker may craft a request
CVE-2022-32136
6.5 - Medium
- June 24, 2022
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.
Access of Uninitialized Pointer
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits
CVE-2022-31804
7.5 - High
- June 24, 2022
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Stack Exhaustion
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections
CVE-2022-31803
5.3 - Medium
- June 24, 2022
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.
Resource Exhaustion
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password
CVE-2022-31802
9.8 - Critical
- June 24, 2022
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
Partial String Comparison
Multiple products of CODESYS implement a improper error handling
CVE-2022-1965
8.1 - High
- June 24, 2022
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
Improper Handling of Exceptional Conditions
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
CVE-2022-31806
9.8 - Critical
- June 24, 2022
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
Insecure Default Initialization of Resource
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CVE-2022-31805
7.5 - High
- June 24, 2022
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Unprotected Transport of Credentials
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products
CVE-2022-22513
6.5 - Medium
- April 07, 2022
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
NULL Pointer Dereference
A remote, unauthenticated attacker
CVE-2022-22519
7.5 - High
- April 07, 2022
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
Buffer Over-read
A bug in CmpUserMgr component can lead to only partially applied security policies
CVE-2022-22518
6.5 - Medium
- April 07, 2022
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
Incorrect Default Permissions
An unauthenticated, remote attacker
CVE-2022-22517
7.5 - High
- April 07, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
Use of Insufficiently Random Values
A remote
CVE-2022-22515
8.1 - High
- April 07, 2022
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
Exposure of Resource to Wrong Sphere
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request
CVE-2022-22514
7.1 - High
- April 07, 2022
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
Untrusted Pointer Dereference
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference
CVE-2022-22510
7.5 - High
- February 02, 2022
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.
NULL Pointer Dereference
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56
CVE-2021-34596
6.5 - Medium
- October 26, 2021
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
Access of Uninitialized Pointer
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56
CVE-2021-34595
8.1 - High
- October 26, 2021
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
Buffer Overflow
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions
CVE-2021-34593
7.5 - High
- October 26, 2021
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
Improper Handling of Exceptional Conditions
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
CVE-2021-34586
7.5 - High
- October 26, 2021
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
NULL Pointer Dereference
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error
CVE-2021-34585
7.5 - High
- October 26, 2021
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
Unchecked Return Value
Crafted web server requests
CVE-2021-34584
9.1 - Critical
- October 26, 2021
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
Buffer Over-read
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVE-2021-34583
7.5 - High
- October 26, 2021
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
Memory Corruption
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17
CVE-2021-21869
7.8 - High
- August 25, 2021
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17
CVE-2021-21868
7.8 - High
- August 18, 2021
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17
CVE-2021-21867
7.8 - High
- August 18, 2021
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
A unsafe deserialization vulnerability exists in the ComponentModel Profile.
CVE-2021-21863
7.8 - High
- August 05, 2021
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack
CVE-2021-36765
7.5 - High
- August 04, 2021
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
NULL Pointer Dereference
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference
CVE-2021-36764
7.5 - High
- August 04, 2021
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
NULL Pointer Dereference
In CODESYS V3 web server before 3.5.17.10
CVE-2021-36763
7.5 - High
- August 03, 2021
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
Files or Directories Accessible to External Parties
All versions of the CODESYS V3 Runtime Toolkit for VxWorks
CVE-2021-33486
7.5 - High
- August 03, 2021
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
Improper Handling of Exceptional Conditions
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-33485
9.8 - Critical
- August 03, 2021
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
Memory Corruption
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17
CVE-2021-21866
7.8 - High
- August 02, 2021
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16
CVE-2021-21865
7.8 - High
- August 02, 2021
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17
CVE-2021-21864
7.8 - High
- August 02, 2021
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Marshaling, Unmarshaling
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
CVE-2021-30194
9.1 - Critical
- May 25, 2021
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
Out-of-bounds Read
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CVE-2021-30193
9.8 - Critical
- May 25, 2021
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
Memory Corruption
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVE-2021-30195
7.5 - High
- May 25, 2021
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
Out-of-bounds Read
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
CVE-2021-30191
7.5 - High
- May 25, 2021
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
Classic Buffer Overflow
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CVE-2021-30190
9.8 - Critical
- May 25, 2021
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
Missing Authentication for Critical Function
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CVE-2021-30189
9.8 - Critical
- May 25, 2021
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
Memory Corruption
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
CVE-2021-30188
9.8 - Critical
- May 25, 2021
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
Memory Corruption
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVE-2021-30186
7.5 - High
- May 25, 2021
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
Memory Corruption
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CVE-2021-30192
9.8 - Critical
- May 25, 2021
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
CVE-2021-30187
5.3 - Medium
- May 25, 2021
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
Shell injection
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
CVE-2021-29240
7.8 - High
- May 04, 2021
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
CVE-2021-29239
7.8 - High
- May 03, 2021
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
Insufficient Verification of Data Authenticity
CODESYS Automation Server before 1.16.0
CVE-2021-29238
8.8 - High
- May 03, 2021
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
Session Riding