Vulnerabilities (CVE)

Filtered by vendor Codesys
Total 127 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30192 1 Codesys 1 V2 Web Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CVE-2021-33486 1 Codesys 1 Runtime Toolkit 2024-02-28 5.0 MEDIUM 7.5 HIGH
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVE-2021-36763 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2021-21865 1 Codesys 1 Development System 2024-02-28 6.8 MEDIUM 7.8 HIGH
An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-30189 1 Codesys 1 V2 Web Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CVE-2021-21863 1 Codesys 1 Development System 2024-02-28 6.8 MEDIUM 7.8 HIGH
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-30188 1 Codesys 1 V2 Runtime System Sp 2024-02-28 7.5 HIGH 9.8 CRITICAL
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
CVE-2021-30193 1 Codesys 1 V2 Web Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CVE-2021-30186 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-02-28 5.0 MEDIUM 7.5 HIGH
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVE-2021-30194 1 Codesys 1 V2 Web Server 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
CVE-2021-29239 1 Codesys 1 Development System 2024-02-28 4.6 MEDIUM 7.8 HIGH
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
CVE-2021-33485 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-21864 1 Codesys 1 Development System 2024-02-28 6.8 MEDIUM 7.8 HIGH
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-36764 1 Codesys 1 Gateway 2024-02-28 5.0 MEDIUM 7.5 HIGH
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
CVE-2021-21869 1 Codesys 1 Codesys 2024-02-28 6.8 MEDIUM 7.8 HIGH
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-29242 1 Codesys 22 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 19 more 2024-02-28 7.5 HIGH 7.3 HIGH
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVE-2021-29240 1 Codesys 1 Development System 2024-02-28 6.8 MEDIUM 7.8 HIGH
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
CVE-2021-30187 1 Codesys 1 Runtime Toolkit 2024-02-28 4.6 MEDIUM 5.3 MEDIUM
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
CVE-2021-30191 1 Codesys 1 V2 Web Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
CODESYS V2 Web-Server before 1.1.9.20 has a Buffer Copy without Checking the Size of the Input.
CVE-2021-29238 1 Codesys 1 Automation Server 2024-02-28 6.8 MEDIUM 8.8 HIGH
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).