Vulnerabilities (CVE)

Filtered by vendor Codesys Subscribe
Total 127 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22510 1 Codesys 1 Profinet 2024-11-21 5.0 MEDIUM 7.5 HIGH
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.
CVE-2022-22508 1 Codesys 14 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 11 more 2024-11-21 N/A 4.3 MEDIUM
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
CVE-2022-1989 1 Codesys 1 Visualization 2024-11-21 N/A 5.3 MEDIUM
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
CVE-2022-1965 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 5.5 MEDIUM 8.1 HIGH
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
CVE-2022-1794 2 Codesys, Microsoft 2 Opc Da Server, Windows 2024-11-21 4.7 MEDIUM 5.5 MEDIUM
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.
CVE-2021-36765 1 Codesys 1 Ethernetip 2024-11-21 5.0 MEDIUM 7.5 HIGH
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
CVE-2021-36764 1 Codesys 1 Gateway 2024-11-21 5.0 MEDIUM 7.5 HIGH
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
CVE-2021-36763 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2021-34599 1 Codesys 2 Development System, Git 2024-11-21 5.8 MEDIUM 7.4 HIGH
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.
CVE-2021-34596 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
CVE-2021-34595 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 5.5 MEDIUM 8.1 HIGH
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
CVE-2021-34593 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 5.0 MEDIUM 7.5 HIGH
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
CVE-2021-34586 1 Codesys 1 Codesys 2024-11-21 5.0 MEDIUM 7.5 HIGH
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
CVE-2021-34585 1 Codesys 1 Codesys 2024-11-21 5.0 MEDIUM 7.5 HIGH
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
CVE-2021-34584 1 Codesys 1 Codesys 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVE-2021-34583 1 Codesys 1 Codesys 2024-11-21 5.0 MEDIUM 7.5 HIGH
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVE-2021-33486 1 Codesys 1 Runtime Toolkit 2024-11-21 5.0 MEDIUM 7.5 HIGH
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVE-2021-33485 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-30195 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 5.0 MEDIUM 7.5 HIGH
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVE-2021-30194 1 Codesys 1 V2 Web Server 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.