Codesys Edge Gateway
By the Year
In 2024 there have been 0 vulnerabilities in Codesys Edge Gateway . Edge Gateway did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 6 | 7.27 |
| 2021 | 2 | 7.40 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Edge Gateway vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Codesys Edge Gateway Security Vulnerabilities
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption
CVE-2022-30792
7.5 - High
- July 11, 2022
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Resource Exhaustion
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption
CVE-2022-30791
7.5 - High
- July 11, 2022
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Resource Exhaustion
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CVE-2022-31805
7.5 - High
- June 24, 2022
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Unprotected Transport of Credentials
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products
CVE-2022-22513
6.5 - Medium
- April 07, 2022
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
NULL Pointer Dereference
An unauthenticated, remote attacker
CVE-2022-22517
7.5 - High
- April 07, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
Use of Insufficiently Random Values
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request
CVE-2022-22514
7.1 - High
- April 07, 2022
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
Untrusted Pointer Dereference
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference
CVE-2021-29241
7.5 - High
- May 03, 2021
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
NULL Pointer Dereference
CODESYS Control Runtime system before 3.5.17.0 has improper input validation
CVE-2021-29242
7.3 - High
- May 03, 2021
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Codesys Control Runtime System Toolkit or by Codesys? Click the Watch button to subscribe.
