Filtered by vendor Codesys
Subscribe
Total
127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30192 | 1 Codesys | 1 V2 Web Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | |||||
CVE-2021-33486 | 1 Codesys | 1 Runtime Toolkit | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | |||||
CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | |||||
CVE-2021-21865 | 1 Codesys | 1 Development System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-30189 | 1 Codesys | 1 V2 Web Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | |||||
CVE-2021-21863 | 1 Codesys | 1 Development System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-30188 | 1 Codesys | 1 V2 Runtime System Sp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | |||||
CVE-2021-30193 | 1 Codesys | 1 V2 Web Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | |||||
CVE-2021-30186 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | |||||
CVE-2021-30194 | 1 Codesys | 1 V2 Web Server | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | |||||
CVE-2021-29239 | 1 Codesys | 1 Development System | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | |||||
CVE-2021-33485 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | |||||
CVE-2021-21864 | 1 Codesys | 1 Development System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-36764 | 1 Codesys | 1 Gateway | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. | |||||
CVE-2021-21869 | 1 Codesys | 1 Codesys | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-29242 | 1 Codesys | 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. | |||||
CVE-2021-29240 | 1 Codesys | 1 Development System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | |||||
CVE-2021-30187 | 1 Codesys | 1 Runtime Toolkit | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | |||||
CVE-2021-30191 | 1 Codesys | 1 V2 Web Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. | |||||
CVE-2021-29238 | 1 Codesys | 1 Automation Server | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). |