Vulnerabilities > Codesys > Control FOR Plcnext SL > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-6357 OS Command Injection vulnerability in Codesys products
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
network
low complexity
codesys CWE-78
8.8
2023-08-03 CVE-2022-4046 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys products
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
network
low complexity
codesys CWE-119
8.8
2023-05-15 CVE-2022-47379 Out-of-bounds Write vulnerability in Codesys products
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47380 Out-of-bounds Write vulnerability in Codesys products
An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47381 Out-of-bounds Write vulnerability in Codesys products
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47382 Out-of-bounds Write vulnerability in Codesys products
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47383 Out-of-bounds Write vulnerability in Codesys products
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47384 Out-of-bounds Write vulnerability in Codesys products
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47385 Out-of-bounds Write vulnerability in Codesys products
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8
2023-05-15 CVE-2022-47386 Out-of-bounds Write vulnerability in Codesys products
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
network
low complexity
codesys CWE-787
8.8