Codesys Runtime System
by 3S Smart Software Solutions
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6069 | Cri | 0.65 | 10.0 | 0.03 | Jan 21, 2013 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the … | ||
| CVE-2018-5440 | Cri | 0.64 | 9.8 | 0.03 | Feb 15, 2018 | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted… | ||
| CVE-2012-6068 | Cri | 0.64 | 9.8 | 0.05 | Jan 21, 2013 | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. | ||
| CVE-2021-30186 | 0.00 | — | 0.07 | May 25, 2021 | CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | |||
| CVE-2015-6482 | 0.00 | — | 0.02 | Oct 18, 2015 | Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | |||
| CVE-2014-0769 | 0.00 | — | 0.02 | Apr 25, 2014 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug… | |||
| CVE-2014-0760 | 0.00 | — | 0.03 | Apr 25, 2014 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service… | |||
| CVE-2014-0757 | 0.00 | — | 0.03 | Jan 31, 2014 | Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. |
- risk 0.65cvss 10.0epss 0.03
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the …
- risk 0.64cvss 9.8epss 0.03
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted…
- risk 0.64cvss 9.8epss 0.05
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
- CVE-2021-30186May 25, 2021risk 0.00cvss —epss 0.07
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
- CVE-2015-6482Oct 18, 2015risk 0.00cvss —epss 0.02
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
- CVE-2014-0769Apr 25, 2014risk 0.00cvss —epss 0.02
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug…
- CVE-2014-0760Apr 25, 2014risk 0.00cvss —epss 0.03
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service…
- CVE-2014-0757Jan 31, 2014risk 0.00cvss —epss 0.03
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.