Vulnerabilities > Codesys > Control FOR Beaglebone SL

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2022-22519 Buffer Over-read vulnerability in Codesys products
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
network
low complexity
codesys CWE-126
7.5
2021-05-03 CVE-2021-29241 NULL Pointer Dereference vulnerability in Codesys products
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
network
low complexity
codesys CWE-476
7.5
2021-05-03 CVE-2021-29242 Improper Input Validation vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.0 has improper input validation.
network
low complexity
codesys CWE-20
7.3
2019-08-15 CVE-2019-9012 Allocation of Resources Without Limits or Throttling vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 products.
network
low complexity
codesys CWE-770
7.5
2019-08-15 CVE-2019-9010 Unspecified vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 products.
network
low complexity
codesys
critical
9.8
2019-08-15 CVE-2019-9013 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 products.
low complexity
codesys CWE-327
8.8
2019-02-19 CVE-2018-20026 Unspecified vulnerability in Codesys products
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
network
low complexity
codesys
7.5
2019-02-19 CVE-2018-20025 Use of Insufficiently Random Values vulnerability in Codesys products
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
network
low complexity
codesys CWE-330
7.5
2019-01-29 CVE-2018-10612 Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
network
low complexity
codesys CWE-732
critical
9.8