V3
by Codesys
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34593 | Hig | 0.49 | 7.5 | 0.03 | Oct 26, 2021 | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be… | ||
| CVE-2021-34585 | Hig | 0.49 | 7.5 | 0.01 | Oct 26, 2021 | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | ||
| CVE-2021-34583 | Hig | 0.49 | 7.5 | 0.08 | Oct 26, 2021 | Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | ||
| CVE-2019-9009 | Hig | 0.49 | 7.5 | 0.02 | Sep 17, 2019 | An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. | ||
| CVE-2019-9012 | Hig | 0.49 | 7.5 | 0.02 | Aug 15, 2019 | An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions… | ||
| CVE-2018-20026 | Hig | 0.49 | 7.5 | 0.03 | Feb 19, 2019 | Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. | ||
| CVE-2018-20025 | Hig | 0.49 | 7.5 | 0.03 | Feb 19, 2019 | Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. | ||
| CVE-2022-22514 | Hig | 0.46 | 7.1 | 0.01 | Apr 7, 2022 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be… | ||
| CVE-2022-47393 | Med | 0.42 | 6.5 | 0.01 | May 15, 2023 | An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation. | ||
| CVE-2022-47378 | Med | 0.42 | 6.5 | 0.01 | May 15, 2023 | Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. | ||
| CVE-2021-34596 | Med | 0.42 | 6.5 | 0.01 | Oct 26, 2021 | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | ||
| CVE-2022-22508 | Med | 0.28 | 4.3 | 0.01 | May 15, 2023 | Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. |
- risk 0.49cvss 7.5epss 0.03
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be…
- risk 0.49cvss 7.5epss 0.01
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
- risk 0.49cvss 7.5epss 0.08
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions…
- risk 0.49cvss 7.5epss 0.03
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
- risk 0.49cvss 7.5epss 0.03
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
- risk 0.46cvss 7.1epss 0.01
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be…
- risk 0.42cvss 6.5epss 0.01
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
- risk 0.42cvss 6.5epss 0.01
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
- risk 0.42cvss 6.5epss 0.01
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
- risk 0.28cvss 4.3epss 0.01
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
Page 2 of 2