Vulnerabilities > Codesys > Control FOR Linux SL

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-6357 OS Command Injection vulnerability in Codesys products
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
network
low complexity
codesys CWE-78
8.8
2023-08-03 CVE-2022-4046 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys products
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
network
low complexity
codesys CWE-119
8.8
2023-08-03 CVE-2023-37546 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37547 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37548 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37549 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37550 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37551 Files or Directories Accessible to External Parties vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller.
network
low complexity
codesys CWE-552
6.5
2023-08-03 CVE-2023-37552 Unspecified vulnerability in Codesys products
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37553 Unspecified vulnerability in Codesys products
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5