Vulnerabilities > Codesys > Control FOR Iot2000

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2018-25048 Path Traversal vulnerability in Codesys products
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
network
low complexity
codesys CWE-22
8.8
2022-12-26 CVE-2020-12069 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm.
local
low complexity
pilz codesys festo wago CWE-916
7.8
2020-07-22 CVE-2020-15806 Memory Leak vulnerability in Codesys products
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
network
low complexity
codesys CWE-401
7.5
2020-05-14 CVE-2020-12068 Unspecified vulnerability in Codesys products
An issue was discovered in CODESYS Development System before 3.5.16.0.
network
low complexity
codesys
6.5
2020-03-26 CVE-2020-10245 Out-of-bounds Write vulnerability in Codesys products
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
network
low complexity
codesys CWE-787
critical
9.8
2020-01-24 CVE-2020-7052 Allocation of Resources Without Limits or Throttling vulnerability in Codesys products
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
network
low complexity
codesys CWE-770
6.5
2019-11-20 CVE-2019-18858 Classic Buffer Overflow vulnerability in Codesys products
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
network
low complexity
codesys CWE-120
critical
9.8
2019-09-17 CVE-2019-13542 NULL Pointer Dereference vulnerability in Codesys products
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
network
low complexity
codesys CWE-476
6.5
2019-09-17 CVE-2019-9009 Improper Handling of Exceptional Conditions vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 .
network
low complexity
codesys CWE-755
7.5
2019-09-17 CVE-2019-9008 Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30.
network
low complexity
codesys CWE-732
8.8