Vulnerabilities > Codesys > Development System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-37551 | Unspecified vulnerability in Codesys products In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. | 6.5 |
| 2023-08-03 | CVE-2023-37552 | Unspecified vulnerability in Codesys products In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. | 6.5 |
| 2023-03-23 | CVE-2022-4224 | Unspecified vulnerability in Codesys products In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 8.8 |
| 2022-04-07 | CVE-2022-22513 | Unspecified vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 |
| 2022-04-07 | CVE-2022-22514 | Unspecified vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 7.1 |
| 2022-04-07 | CVE-2022-22516 | Unspecified vulnerability in Codesys products The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | 7.8 |
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 7.5 |
| 2022-04-07 | CVE-2022-22519 | Unspecified vulnerability in Codesys products A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | 7.5 |
| 2021-08-05 | CVE-2021-21863 | Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0 A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
| 2021-08-02 | CVE-2021-21864 | Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0 A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |