Vulnerabilities > Codesys > Control V3 Runtime System Toolkit > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-23	CVE-2018-25048	Path Traversal vulnerability in Codesys products The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. network low complexity codesys CWE-22	8.8
2022-12-26	CVE-2020-12069	Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. local low complexity pilz codesys festo wago CWE-916	7.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.