Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-31803 Resource Exhaustion vulnerability in Codesys Gateway
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2.
network
low complexity
codesys CWE-400
5.0
2022-06-24 CVE-2022-31804 Uncontrolled Memory Allocation vulnerability in Codesys Gateway
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits.
network
low complexity
codesys CWE-789
5.0
2022-06-24 CVE-2022-32136 Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service.
network
low complexity
codesys CWE-824
4.0
2022-06-24 CVE-2022-32137 Heap-based Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite.
network
low complexity
codesys CWE-122
6.5
2022-06-24 CVE-2022-32138 Unexpected Sign Extension vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.
network
low complexity
codesys CWE-194
6.5
2022-06-24 CVE-2022-32139 Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition.
network
low complexity
codesys CWE-125
4.0
2022-06-24 CVE-2022-32140 Classic Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition.
network
low complexity
codesys CWE-120
4.0
2022-06-24 CVE-2022-32141 Buffer Over-read vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS Products are prone to a buffer over read.
network
low complexity
codesys CWE-126
4.0
2022-06-24 CVE-2022-32142 Use of Out-of-range Pointer Offset vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS Products are prone to a out-of bounds read or write access.
network
low complexity
codesys CWE-823
5.5
2022-06-24 CVE-2022-32143 Files or Directories Accessible to External Parties vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g.
network
low complexity
codesys CWE-552
6.5