Vulnerabilities > Codesys

DATE CVE VULNERABILITY TITLE RISK
2021-08-25 CVE-2021-21869 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
network
codesys CWE-502
6.8
2021-08-18 CVE-2021-21867 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
network
codesys CWE-502
6.8
2021-08-18 CVE-2021-21868 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
network
codesys CWE-502
6.8
2021-08-05 CVE-2021-21863 Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
network
codesys CWE-502
6.8
2021-08-04 CVE-2021-36764 NULL Pointer Dereference vulnerability in Codesys Gateway
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference.
network
low complexity
codesys CWE-476
5.0
2021-08-04 CVE-2021-36765 NULL Pointer Dereference vulnerability in Codesys Ethernetip
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
network
low complexity
codesys CWE-476
5.0
2021-08-03 CVE-2021-33485 Out-of-bounds Write vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
network
low complexity
codesys CWE-787
7.5
2021-08-03 CVE-2021-33486 Improper Handling of Exceptional Conditions vulnerability in Codesys Runtime Toolkit
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
network
low complexity
codesys CWE-755
5.0
2021-08-03 CVE-2021-36763 Files or Directories Accessible to External Parties vulnerability in Codesys products
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
network
low complexity
codesys CWE-552
5.0
2021-08-02 CVE-2021-21864 Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
network
codesys CWE-502
6.8