Filtered by vendor Codesys
Subscriptions
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36764 | 1 Codesys | 1 Gateway | 2024-08-04 | 7.5 High |
| In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. | ||||
| CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-08-04 | 7.5 High |
| In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | ||||
| CVE-2021-33486 | 1 Codesys | 1 Runtime Toolkit | 2024-08-03 | 7.5 High |
| All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | ||||
| CVE-2021-33485 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-08-03 | 9.8 Critical |
| CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | ||||
| CVE-2021-30191 | 1 Codesys | 1 V2 Web Server | 2024-08-03 | 7.5 High |
| CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. | ||||
| CVE-2021-30190 | 1 Codesys | 1 V2 Web Server | 2024-08-03 | 9.8 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | ||||
| CVE-2021-30192 | 1 Codesys | 1 V2 Web Server | 2024-08-03 | 9.8 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | ||||
| CVE-2021-30189 | 1 Codesys | 1 V2 Web Server | 2024-08-03 | 9.8 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | ||||
| CVE-2021-30186 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-08-03 | 7.5 High |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | ||||
| CVE-2021-30193 | 1 Codesys | 1 V2 Web Server | 2024-08-03 | 9.8 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | ||||
| CVE-2021-30187 | 1 Codesys | 1 Runtime Toolkit | 2024-08-03 | 5.3 Medium |
| CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | ||||
| CVE-2021-30194 | 1 Codesys | 1 V2 Web Server | 2024-08-03 | 9.1 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | ||||
| CVE-2021-30195 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-08-03 | 7.5 High |
| CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. | ||||
| CVE-2021-30188 | 1 Codesys | 1 V2 Runtime System Sp | 2024-08-03 | 9.8 Critical |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | ||||
| CVE-2021-29242 | 1 Codesys | 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more | 2024-08-03 | 7.3 High |
| CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. | ||||
| CVE-2021-29240 | 1 Codesys | 1 Development System | 2024-08-03 | 7.8 High |
| The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | ||||
| CVE-2021-29239 | 1 Codesys | 1 Development System | 2024-08-03 | 7.8 High |
| CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | ||||
| CVE-2021-29238 | 1 Codesys | 1 Automation Server | 2024-08-03 | 8.8 High |
| CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). | ||||
| CVE-2021-29241 | 1 Codesys | 11 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 8 more | 2024-08-03 | 7.5 High |
| CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | ||||
| CVE-2021-21866 | 1 Codesys | 1 Development System | 2024-08-03 | 7.8 High |
| A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||