Vulnerabilities > Codesys > Codesys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2021-34583 | Heap-based Buffer Overflow vulnerability in Codesys Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 5.0 |
| 2021-10-26 | CVE-2021-34584 | Buffer Over-read vulnerability in Codesys Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 6.4 |
| 2021-10-26 | CVE-2021-34585 | Unchecked Return Value vulnerability in Codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. | 5.0 |
| 2021-10-26 | CVE-2021-34586 | NULL Pointer Dereference vulnerability in Codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 5.0 |
| 2021-08-25 | CVE-2021-21869 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
| 2021-08-18 | CVE-2021-21867 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 6.8 |
| 2021-08-18 | CVE-2021-21868 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 6.8 |
| 2020-03-26 | CVE-2019-5105 | Out-of-bounds Write vulnerability in Codesys 3.5.13.2 An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. | 5.0 |
| 2019-10-25 | CVE-2019-16265 | Out-of-bounds Write vulnerability in Codesys and ENI Server CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | 7.5 |
| 2019-09-17 | CVE-2019-13538 | Cross-site Scripting vulnerability in Codesys 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. | 6.8 |