Vulnerabilities > Codesys > Codesys > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-26 CVE-2021-34583 Out-of-bounds Write vulnerability in Codesys
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
network
low complexity
codesys CWE-787
7.5
7.5
2021-10-26 CVE-2021-34585 Unchecked Return Value vulnerability in Codesys
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error.
network
low complexity
codesys CWE-252
7.5
7.5
2021-10-26 CVE-2021-34586 NULL Pointer Dereference vulnerability in Codesys
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
network
low complexity
codesys CWE-476
7.5
7.5
2021-08-25 CVE-2021-21869 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8
7.8
2021-08-18 CVE-2021-21867 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8
7.8
2021-08-18 CVE-2021-21868 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8
7.8
2020-03-26 CVE-2019-5105 Out-of-bounds Write vulnerability in Codesys 3.5.13.2
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService.
network
low complexity
codesys CWE-787
7.5
7.5
2019-09-17 CVE-2019-13538 Cross-site Scripting vulnerability in Codesys
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed.
local
low complexity
codesys CWE-79
8.6
8.6