VYPR

V3

by Codesys

CVEs (32)

  • CVE-2021-34584CriOct 26, 2021
    risk 0.59cvss 9.1epss 0.01

    Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

  • CVE-2024-41969HigNov 18, 2024
    risk 0.57cvss 8.8epss 0.00

    A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.

  • CVE-2022-47390HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote…

  • CVE-2022-47389HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote…

  • CVE-2022-47386HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote…

  • CVE-2022-47383HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote…

  • CVE-2022-47382HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote…

  • CVE-2022-47381HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

  • CVE-2022-47380HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.01

    An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

  • CVE-2022-47379HigMay 15, 2023
    risk 0.57cvss 8.8epss 0.02

    An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

  • CVE-2022-4224HigMar 23, 2023
    risk 0.57cvss 8.8epss 0.01

    In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

  • CVE-2019-9008HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.

  • CVE-2019-9013HigAug 15, 2019
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the…

  • CVE-2022-1965HigJun 24, 2022
    risk 0.53cvss 8.1epss 0.01

    Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.

  • CVE-2021-34595HigOct 26, 2021
    risk 0.53cvss 8.1epss 0.01

    A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

  • CVE-2020-12069HigDec 26, 2022
    risk 0.51cvss 7.8epss 0.00

    In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the…

  • CVE-2021-34586HigOct 26, 2021
    risk 0.50cvss 7.5epss 0.13

    In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

  • CVE-2022-47391HigMay 15, 2023
    risk 0.49cvss 7.5epss 0.02

    In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

  • CVE-2022-30791HigJul 11, 2022
    risk 0.49cvss 7.5epss 0.01

    In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

  • CVE-2022-22517HigApr 7, 2022
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Page 1 of 2