VYPR

Development System

by Codesys

CVEs (22)

  • CVE-2019-9010CriAug 15, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are…

  • CVE-2023-3663HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

  • CVE-2022-22516HigApr 7, 2022
    risk 0.51cvss 7.8epss 0.00

    The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

  • CVE-2021-21869HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.02

    An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious…

  • CVE-2021-21868HigAug 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious…

  • CVE-2021-21867HigAug 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…

  • CVE-2021-21863HigAug 5, 2021
    risk 0.51cvss 7.8epss 0.01

    A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to…

  • CVE-2021-21866HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.02

    A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…

  • CVE-2021-21865HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to…

  • CVE-2021-21864HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.02

    A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…

  • CVE-2021-29240HigMay 4, 2021
    risk 0.51cvss 7.8epss 0.01

    The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

  • CVE-2021-29239HigMay 3, 2021
    risk 0.51cvss 7.8epss 0.00

    CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

  • CVE-2022-4048HigMay 15, 2023
    risk 0.50cvss 7.7epss 0.00

    Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

  • CVE-2020-12067HigDec 26, 2022
    risk 0.49cvss 7.5epss 0.01

    In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.

  • CVE-2022-31805HigJun 24, 2022
    risk 0.49cvss 7.5epss 0.01

    In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

  • CVE-2021-29241HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

  • CVE-2023-3662HigAug 3, 2023
    risk 0.47cvss 7.3epss 0.00

    In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .

  • CVE-2023-3670HigJul 28, 2023
    risk 0.47cvss 7.3epss 0.00

    In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

  • CVE-2020-12068MedMay 14, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

  • CVE-2023-3669LowAug 3, 2023
    risk 0.21cvss 3.3epss 0.00

    A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

Page 1 of 2