Filtered by vendor Codesys
Subscribe
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34593 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | |||||
| CVE-2021-29241 | 1 Codesys | 11 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 8 more | 2022-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | |||||
| CVE-2022-22510 | 1 Codesys | 1 Profinet | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. | |||||
| CVE-2019-9009 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. | |||||
| CVE-2021-34585 | 1 Codesys | 1 Codesys | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | |||||
| CVE-2021-34596 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2021-11-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | |||||
| CVE-2021-34583 | 1 Codesys | 1 Codesys | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | |||||
| CVE-2021-34586 | 1 Codesys | 1 Codesys | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | |||||
| CVE-2019-13548 | 1 Codesys | 13 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 10 more | 2021-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. | |||||
| CVE-2021-29242 | 1 Codesys | 22 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 19 more | 2021-09-14 | 7.5 HIGH | 7.3 HIGH |
| CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. | |||||
| CVE-2021-33486 | 1 Codesys | 1 Runtime Toolkit | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | |||||
| CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | |||||
| CVE-2021-33485 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | |||||
| CVE-2021-36764 | 1 Codesys | 1 Gateway | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. | |||||
| CVE-2021-36765 | 1 Codesys | 1 Ethernetip | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system. | |||||
| CVE-2020-12068 | 1 Codesys | 12 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 9 more | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. | |||||
| CVE-2020-7052 | 1 Codesys | 15 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 12 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. | |||||
| CVE-2020-15806 | 1 Codesys | 16 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 13 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. | |||||
| CVE-2019-13538 | 1 Codesys | 1 Codesys | 2021-06-09 | 6.8 MEDIUM | 8.6 HIGH |
| 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. | |||||
| CVE-2021-30187 | 1 Codesys | 1 Runtime Toolkit | 2021-05-26 | 4.6 MEDIUM | 5.3 MEDIUM |
| CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | |||||