Filtered by vendor Codesys
Subscriptions
Total
125 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-22513 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more | 2024-09-17 | 6.5 Medium |
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | ||||
CVE-2021-34593 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-09-17 | 7.5 High |
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | ||||
CVE-2021-34586 | 1 Codesys | 1 Codesys | 2024-09-17 | 7.5 High |
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | ||||
CVE-2021-34595 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-09-17 | 8.1 High |
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | ||||
CVE-2022-31806 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-09-17 | 9.8 Critical |
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller. | ||||
CVE-2022-22519 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more | 2024-09-17 | 7.5 High |
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | ||||
CVE-2022-22514 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more | 2024-09-17 | 7.1 High |
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | ||||
CVE-2018-10612 | 1 Codesys | 12 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 9 more | 2024-09-17 | N/A |
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | ||||
CVE-2021-34599 | 1 Codesys | 2 Development System, Git | 2024-09-17 | 7.4 High |
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack. | ||||
CVE-2022-22518 | 1 Codesys | 10 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 7 more | 2024-09-17 | 6.5 Medium |
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy. | ||||
CVE-2022-32138 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-09-17 | 8.8 High |
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | ||||
CVE-2022-22510 | 1 Codesys | 1 Profinet | 2024-09-17 | 7.5 High |
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. | ||||
CVE-2022-22516 | 2 Codesys, Microsoft | 5 Control Rte Sl, Control Rte Sl \(for Beckhoff Cx\), Control Win Sl and 2 more | 2024-09-17 | 7.8 High |
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | ||||
CVE-2022-32142 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-09-17 | 8.1 High |
Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. | ||||
CVE-2022-31802 | 1 Codesys | 1 Gateway | 2024-09-17 | 9.8 Critical |
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. | ||||
CVE-2022-30792 | 1 Codesys | 19 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 Sl and 16 more | 2024-09-16 | 7.5 High |
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. | ||||
CVE-2021-34596 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-09-16 | 6.5 Medium |
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | ||||
CVE-2021-34584 | 1 Codesys | 1 Codesys | 2024-09-16 | 9.1 Critical |
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | ||||
CVE-2022-22517 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more | 2024-09-16 | 7.5 High |
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. | ||||
CVE-2021-34585 | 1 Codesys | 1 Codesys | 2024-09-16 | 7.5 High |
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. |