VYPR

V3

by Codesys

CVEs (32)

  • CVE-2021-34593HigOct 26, 2021
    risk 0.49cvss 7.5epss 0.03

    In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be…

  • CVE-2021-34585HigOct 26, 2021
    risk 0.49cvss 7.5epss 0.01

    In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

  • CVE-2021-34583HigOct 26, 2021
    risk 0.49cvss 7.5epss 0.08

    Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

  • CVE-2019-9009HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

  • CVE-2019-9012HigAug 15, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions…

  • CVE-2018-20026HigFeb 19, 2019
    risk 0.49cvss 7.5epss 0.03

    Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

  • CVE-2018-20025HigFeb 19, 2019
    risk 0.49cvss 7.5epss 0.03

    Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.

  • CVE-2022-22514HigApr 7, 2022
    risk 0.46cvss 7.1epss 0.01

    An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be…

  • CVE-2022-47393MedMay 15, 2023
    risk 0.42cvss 6.5epss 0.01

    An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.

  • CVE-2022-47378MedMay 15, 2023
    risk 0.42cvss 6.5epss 0.01

    Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

  • CVE-2021-34596MedOct 26, 2021
    risk 0.42cvss 6.5epss 0.01

    A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

  • CVE-2022-22508MedMay 15, 2023
    risk 0.28cvss 4.3epss 0.01

    Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

Page 2 of 2