Control V3 Runtime System Toolkit
by Codesys
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33485 | Cri | 0.64 | 9.8 | 0.01 | Aug 3, 2021 | CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | ||
| CVE-2021-29241 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2021 | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | ||
| CVE-2025-41739 | Med | 0.38 | 5.9 | 0.00 | Dec 1, 2025 | An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service. | ||
| CVE-2026-3509 | 0.00 | — | 0.00 | Mar 24, 2026 | An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition. | |||
| CVE-2025-41660 | 0.00 | — | 0.00 | Mar 24, 2026 | A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution. | |||
| CVE-2025-41738 | 0.00 | — | 0.00 | Dec 1, 2025 | An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition. | |||
| CVE-2018-25048 | 0.00 | — | 0.01 | Mar 23, 2023 | The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | |||
| CVE-2022-22519 | 0.00 | — | 0.01 | Apr 7, 2022 | A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | |||
| CVE-2022-22516 | 0.00 | — | 0.00 | Apr 7, 2022 | The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | |||
| CVE-2022-22515 | 0.00 | — | 0.01 | Apr 7, 2022 | A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | |||
| CVE-2021-29242 | 0.00 | — | 0.01 | May 3, 2021 | CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. | |||
| CVE-2020-15806 | 0.00 | — | 0.02 | Jul 22, 2020 | CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. |
- risk 0.64cvss 9.8epss 0.01
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
- risk 0.49cvss 7.5epss 0.01
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
- risk 0.38cvss 5.9epss 0.00
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
- CVE-2026-3509Mar 24, 2026risk 0.00cvss —epss 0.00
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
- CVE-2025-41660Mar 24, 2026risk 0.00cvss —epss 0.00
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
- CVE-2025-41738Dec 1, 2025risk 0.00cvss —epss 0.00
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
- CVE-2018-25048Mar 23, 2023risk 0.00cvss —epss 0.01
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
- CVE-2022-22519Apr 7, 2022risk 0.00cvss —epss 0.01
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
- CVE-2022-22516Apr 7, 2022risk 0.00cvss —epss 0.00
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
- CVE-2022-22515Apr 7, 2022risk 0.00cvss —epss 0.01
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
- CVE-2021-29242May 3, 2021risk 0.00cvss —epss 0.01
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
- CVE-2020-15806Jul 22, 2020risk 0.00cvss —epss 0.02
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.