Vulnerabilities > Codesys > Control FOR Pfc100 SL > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-37556 Unspecified vulnerability in Codesys products
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37557 Out-of-bounds Write vulnerability in Codesys products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
network
low complexity
codesys CWE-787
6.5
2023-08-03 CVE-2023-37558 Unspecified vulnerability in Codesys products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37559 Unspecified vulnerability in Codesys products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37545 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-05-15 CVE-2022-47392 Improper Input Validation vulnerability in Codesys products
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
network
low complexity
codesys CWE-20
6.5
2023-05-15 CVE-2022-47393 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys products
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
network
low complexity
codesys CWE-119
6.5
2023-05-15 CVE-2022-22508 Improper Input Validation vulnerability in Codesys products
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
network
low complexity
codesys CWE-20
4.3
2023-05-15 CVE-2022-47378 Improper Input Validation vulnerability in Codesys products
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability.
network
low complexity
codesys CWE-20
6.5
2022-04-07 CVE-2022-22513 NULL Pointer Dereference vulnerability in Codesys products
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
network
low complexity
codesys CWE-476
6.5