Vulnerabilities > Codesys > Control Runtime System Toolkit > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-15 | CVE-2022-47390 | Unspecified vulnerability in Codesys products An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2022-04-07 | CVE-2022-22514 | Unspecified vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 7.1 |
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 7.5 |
| 2022-04-07 | CVE-2022-22519 | Unspecified vulnerability in Codesys products A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | 7.5 |
| 2021-08-03 | CVE-2021-36763 | Files or Directories Accessible to External Parties vulnerability in Codesys products In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | 7.5 |
| 2021-05-03 | CVE-2021-29241 | NULL Pointer Dereference vulnerability in Codesys products CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | 7.5 |
| 2021-05-03 | CVE-2021-29242 | Improper Input Validation vulnerability in Codesys products CODESYS Control Runtime system before 3.5.17.0 has improper input validation. | 7.3 |
| 2020-07-22 | CVE-2020-15806 | Memory Leak vulnerability in Codesys products CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. | 7.5 |
| 2019-09-13 | CVE-2019-13532 | Path Traversal vulnerability in Codesys products CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | 7.5 |