VYPR

Control V3 Runtime System Toolkit

by Codesys

CVEs (12)

  • CVE-2021-33485CriAug 3, 2021
    risk 0.64cvss 9.8epss 0.01

    CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

  • CVE-2021-29241HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

  • CVE-2025-41739MedDec 1, 2025
    risk 0.38cvss 5.9epss 0.00

    An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

  • CVE-2026-3509Mar 24, 2026
    risk 0.00cvss epss 0.00

    An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

  • CVE-2025-41660Mar 24, 2026
    risk 0.00cvss epss 0.00

    A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

  • CVE-2025-41738Dec 1, 2025
    risk 0.00cvss epss 0.00

    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

  • CVE-2018-25048Mar 23, 2023
    risk 0.00cvss epss 0.01

    The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

  • CVE-2022-22519Apr 7, 2022
    risk 0.00cvss epss 0.01

    A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

  • CVE-2022-22516Apr 7, 2022
    risk 0.00cvss epss 0.00

    The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

  • CVE-2022-22515Apr 7, 2022
    risk 0.00cvss epss 0.01

    A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

  • CVE-2021-29242May 3, 2021
    risk 0.00cvss epss 0.01

    CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

  • CVE-2020-15806Jul 22, 2020
    risk 0.00cvss epss 0.02

    CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.