Embedded Target Visu Toolkit Codesys Embedded Target Visu Toolkit

Do you want an email whenever new security vulnerabilities are reported in Codesys Embedded Target Visu Toolkit?

By the Year

In 2024 there have been 0 vulnerabilities in Codesys Embedded Target Visu Toolkit . Last year Embedded Target Visu Toolkit had 1 security vulnerability published. Right now, Embedded Target Visu Toolkit is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 8.80
2022 7 7.39
2021 3 8.20
2020 2 8.65
2019 3 9.03
2018 0 0.00

It may take a day or so for new Embedded Target Visu Toolkit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Codesys Embedded Target Visu Toolkit Security Vulnerabilities

The CODESYS runtime system in multiple versions

CVE-2018-25048 8.8 - High - March 23, 2023

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Directory traversal

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption

CVE-2022-30792 7.5 - High - July 11, 2022

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Resource Exhaustion

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption

CVE-2022-30791 7.5 - High - July 11, 2022

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Resource Exhaustion

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products

CVE-2022-22513 6.5 - Medium - April 07, 2022

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

NULL Pointer Dereference

A remote, unauthenticated attacker

CVE-2022-22519 7.5 - High - April 07, 2022

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Buffer Over-read

An unauthenticated, remote attacker

CVE-2022-22517 7.5 - High - April 07, 2022

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Use of Insufficiently Random Values

A remote

CVE-2022-22515 8.1 - High - April 07, 2022

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

Exposure of Resource to Wrong Sphere

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request

CVE-2022-22514 7.1 - High - April 07, 2022

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

Untrusted Pointer Dereference

In CODESYS V3 web server before 3.5.17.10

CVE-2021-36763 7.5 - High - August 03, 2021

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

Files or Directories Accessible to External Parties

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVE-2021-33485 9.8 - Critical - August 03, 2021

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

Memory Corruption

CODESYS Control Runtime system before 3.5.17.0 has improper input validation

CVE-2021-29242 7.3 - High - May 03, 2021

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

Improper Input Validation

CODESYS Control runtime system before 3.5.16.10

CVE-2020-15806 7.5 - High - July 22, 2020

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

Allocation of Resources Without Limits or Throttling

CODESYS V3 web server before 3.5.15.40

CVE-2020-10245 9.8 - Critical - March 26, 2020

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

Memory Corruption

CODESYS 3 web server before 3.5.15.20

CVE-2019-18858 9.8 - Critical - November 20, 2019

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.

Classic Buffer Overflow

CODESYS V3 web server, all versions prior to 3.5.14.10

CVE-2019-13532 7.5 - High - September 13, 2019

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

Directory traversal

CODESYS V3 web server, all versions prior to 3.5.14.10

CVE-2019-13548 9.8 - Critical - September 13, 2019

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Codesys Remote Target Visu Toolkit or by Codesys? Click the Watch button to subscribe.

Codesys
Vendor

subscribe