Vulnerabilities > Codesys

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2022-1794 Unprotected Storage of Credentials vulnerability in Codesys OPC DA Server
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.
4.7
2022-07-11 CVE-2022-30791 Resource Exhaustion vulnerability in Codesys products
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections.
network
low complexity
codesys CWE-400
5.0
2022-07-11 CVE-2022-30792 Resource Exhaustion vulnerability in Codesys products
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections.
network
low complexity
codesys CWE-400
5.0
2022-06-24 CVE-2022-1965 Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple products of CODESYS implement a improper error handling.
network
low complexity
codesys CWE-755
5.5
2022-06-24 CVE-2022-31802 Partial String Comparison vulnerability in Codesys Gateway
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password.
network
low complexity
codesys CWE-187
7.5
2022-06-24 CVE-2022-31803 Resource Exhaustion vulnerability in Codesys Gateway
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2.
network
low complexity
codesys CWE-400
5.0
2022-06-24 CVE-2022-31804 Uncontrolled Memory Allocation vulnerability in Codesys Gateway
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits.
network
low complexity
codesys CWE-789
5.0
2022-06-24 CVE-2022-31805 Unprotected Transport of Credentials vulnerability in Codesys products
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
network
codesys CWE-523
4.3
2022-06-24 CVE-2022-31806 Insecure Default Initialization of Resource vulnerability in Codesys Plcwinnt and Runtime Toolkit
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
network
codesys CWE-1188
6.8
2022-06-24 CVE-2022-32136 Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service.
network
low complexity
codesys CWE-824
4.0