Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Codesys Subscribe
Total 84 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34593 1 Codesys 2 Plcwinnt, Runtime Toolkit 2022-04-12 5.0 MEDIUM 7.5 HIGH
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
CVE-2021-29241 1 Codesys 11 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 8 more 2022-04-01 5.0 MEDIUM 7.5 HIGH
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVE-2022-22510 1 Codesys 1 Profinet 2022-02-04 5.0 MEDIUM 7.5 HIGH
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.
CVE-2019-9009 1 Codesys 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more 2022-01-01 5.0 MEDIUM 7.5 HIGH
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CVE-2021-34585 1 Codesys 1 Codesys 2021-11-23 5.0 MEDIUM 7.5 HIGH
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
CVE-2021-34596 1 Codesys 2 Plcwinnt, Runtime Toolkit 2021-11-04 4.0 MEDIUM 6.5 MEDIUM
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
CVE-2021-34583 1 Codesys 1 Codesys 2021-10-28 5.0 MEDIUM 7.5 HIGH
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVE-2021-34586 1 Codesys 1 Codesys 2021-10-28 5.0 MEDIUM 7.5 HIGH
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
CVE-2019-13548 1 Codesys 13 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 10 more 2021-10-28 7.5 HIGH 9.8 CRITICAL
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
CVE-2021-29242 1 Codesys 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more 2021-09-14 7.5 HIGH 7.3 HIGH
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVE-2021-33486 1 Codesys 1 Runtime Toolkit 2021-08-17 5.0 MEDIUM 7.5 HIGH
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVE-2021-36763 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2021-08-17 5.0 MEDIUM 7.5 HIGH
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2021-33485 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2021-08-17 7.5 HIGH 9.8 CRITICAL
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-36764 1 Codesys 1 Gateway 2021-08-10 5.0 MEDIUM 7.5 HIGH
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
CVE-2021-36765 1 Codesys 1 Ethernetip 2021-08-10 5.0 MEDIUM 7.5 HIGH
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
CVE-2020-12068 1 Codesys 12 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 9 more 2021-07-21 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
CVE-2020-7052 1 Codesys 15 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 12 more 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
CVE-2020-15806 1 Codesys 16 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 13 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
CVE-2019-13538 1 Codesys 1 Codesys 2021-06-09 6.8 MEDIUM 8.6 HIGH
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
CVE-2021-30187 1 Codesys 1 Runtime Toolkit 2021-05-26 4.6 MEDIUM 5.3 MEDIUM
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.