Vulnerabilities > Codesys > Control WIN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2018-25048 | Path Traversal vulnerability in Codesys products The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | 8.8 |
| 2022-07-11 | CVE-2022-30791 | Resource Exhaustion vulnerability in Codesys products In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. | 7.5 |
| 2022-07-11 | CVE-2022-30792 | Resource Exhaustion vulnerability in Codesys products In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. | 7.5 |
| 2021-05-03 | CVE-2021-29242 | Improper Input Validation vulnerability in Codesys products CODESYS Control Runtime system before 3.5.17.0 has improper input validation. | 7.3 |
| 2020-07-22 | CVE-2020-15806 | Memory Leak vulnerability in Codesys products CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. | 7.5 |
| 2020-05-14 | CVE-2020-12068 | Unspecified vulnerability in Codesys products An issue was discovered in CODESYS Development System before 3.5.16.0. | 6.5 |
| 2020-03-26 | CVE-2020-10245 | Out-of-bounds Write vulnerability in Codesys products CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | 9.8 |
| 2020-01-24 | CVE-2020-7052 | Allocation of Resources Without Limits or Throttling vulnerability in Codesys products CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. | 6.5 |
| 2019-11-20 | CVE-2019-18858 | Classic Buffer Overflow vulnerability in Codesys products CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. | 9.8 |
| 2019-09-17 | CVE-2019-13542 | NULL Pointer Dereference vulnerability in Codesys products 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. | 6.5 |