Codesys Remote Target Visu Toolkit
By the Year
In 2024 there have been 0 vulnerabilities in Codesys Remote Target Visu Toolkit. Last year Remote Target Visu Toolkit had 1 security vulnerability published. Right now, Remote Target Visu Toolkit is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 8.80 |
2022 | 7 | 7.39 |
2021 | 3 | 8.20 |
2020 | 2 | 8.65 |
2019 | 3 | 9.03 |
2018 | 0 | 0.00 |
It may take a day or so for new Remote Target Visu Toolkit vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Codesys Remote Target Visu Toolkit Security Vulnerabilities
The CODESYS runtime system in multiple versions
CVE-2018-25048
8.8 - High
- March 23, 2023
The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
Directory traversal
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption
CVE-2022-30792
7.5 - High
- July 11, 2022
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Resource Exhaustion
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption
CVE-2022-30791
7.5 - High
- July 11, 2022
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Resource Exhaustion
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products
CVE-2022-22513
6.5 - Medium
- April 07, 2022
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
NULL Pointer Dereference
A remote, unauthenticated attacker
CVE-2022-22519
7.5 - High
- April 07, 2022
A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
Buffer Over-read
An unauthenticated, remote attacker
CVE-2022-22517
7.5 - High
- April 07, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed.
Use of Insufficiently Random Values
A remote
CVE-2022-22515
8.1 - High
- April 07, 2022
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
Exposure of Resource to Wrong Sphere
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request
CVE-2022-22514
7.1 - High
- April 07, 2022
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
Untrusted Pointer Dereference
In CODESYS V3 web server before 3.5.17.10
CVE-2021-36763
7.5 - High
- August 03, 2021
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
Files or Directories Accessible to External Parties
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-33485
9.8 - Critical
- August 03, 2021
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
Memory Corruption
CODESYS Control Runtime system before 3.5.17.0 has improper input validation
CVE-2021-29242
7.3 - High
- May 03, 2021
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
Improper Input Validation
CODESYS Control runtime system before 3.5.16.10
CVE-2020-15806
7.5 - High
- July 22, 2020
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
Allocation of Resources Without Limits or Throttling
CODESYS V3 web server before 3.5.15.40
CVE-2020-10245
9.8 - Critical
- March 26, 2020
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Memory Corruption
CODESYS 3 web server before 3.5.15.20
CVE-2019-18858
9.8 - Critical
- November 20, 2019
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
Classic Buffer Overflow
CODESYS V3 web server, all versions prior to 3.5.14.10
CVE-2019-13532
7.5 - High
- September 13, 2019
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
Directory traversal
CODESYS V3 web server, all versions prior to 3.5.14.10
CVE-2019-13548
9.8 - Critical
- September 13, 2019
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
Memory Corruption