Vulnerabilities > Codesys > Control FOR Linux SL

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2022-22517 Use of Insufficiently Random Values vulnerability in Codesys products
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets.
network
low complexity
codesys CWE-330
7.5
2022-04-07 CVE-2022-22518 Incorrect Default Permissions vulnerability in Codesys products
A bug in CmpUserMgr component can lead to only partially applied security policies.
network
low complexity
codesys CWE-276
6.5
2022-04-07 CVE-2022-22519 Buffer Over-read vulnerability in Codesys products
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
network
low complexity
codesys CWE-126
7.5
2021-05-03 CVE-2021-29241 NULL Pointer Dereference vulnerability in Codesys products
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
network
low complexity
codesys CWE-476
7.5
2021-05-03 CVE-2021-29242 Improper Input Validation vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.0 has improper input validation.
network
low complexity
codesys CWE-20
7.3
2019-08-15 CVE-2019-9012 Allocation of Resources Without Limits or Throttling vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 products.
network
low complexity
codesys CWE-770
7.5
2019-08-15 CVE-2019-9010 Unspecified vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 products.
network
low complexity
codesys
critical
9.8
2019-08-15 CVE-2019-9013 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 products.
low complexity
codesys CWE-327
8.8
2019-02-19 CVE-2018-20026 Unspecified vulnerability in Codesys products
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
network
low complexity
codesys
7.5
2019-02-19 CVE-2018-20025 Use of Insufficiently Random Values vulnerability in Codesys products
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
network
low complexity
codesys CWE-330
7.5