Vulnerabilities > Codesys > Control FOR Beaglebone SL > 3.5.11.50
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-15 | CVE-2022-47389 | Out-of-bounds Write vulnerability in Codesys products An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2023-05-15 | CVE-2022-47390 | Out-of-bounds Write vulnerability in Codesys products An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2023-05-15 | CVE-2022-47391 | Improper Input Validation vulnerability in Codesys products In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | 7.5 |
| 2023-03-23 | CVE-2022-4224 | Insecure Default Initialization of Resource vulnerability in Codesys products In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 8.8 |
| 2022-04-07 | CVE-2022-22513 | NULL Pointer Dereference vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 3.5 |
| 2022-04-07 | CVE-2022-22514 | Untrusted Pointer Dereference vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 4.9 |
| 2022-04-07 | CVE-2022-22515 | Exposure of Resource to Wrong Sphere vulnerability in Codesys products A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | 4.9 |
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 5.0 |
| 2022-04-07 | CVE-2022-22519 | Buffer Over-read vulnerability in Codesys products A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | 5.0 |
| 2021-05-03 | CVE-2021-29241 | NULL Pointer Dereference vulnerability in Codesys products CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | 5.0 |