Vulnerabilities > Codesys > Development System

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-37556 Unspecified vulnerability in Codesys products
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37557 Out-of-bounds Write vulnerability in Codesys products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
network
low complexity
codesys CWE-787
6.5
2023-08-03 CVE-2023-37558 Unspecified vulnerability in Codesys products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37559 Unspecified vulnerability in Codesys products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-3669 Improper Restriction of Excessive Authentication Attempts vulnerability in Codesys Development System
Missing brute-force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker unlimited attempts at guessing the password within an import dialog.
local
low complexity
codesys CWE-307
3.3
2023-08-03 CVE-2023-37545 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-3662 Uncontrolled Search Path Element vulnerability in Codesys Development System
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20, a vulnerability allows for execution of binaries from the current working directory in the user's context.
local
low complexity
codesys CWE-427
7.3
2023-08-03 CVE-2023-3663 Improper Verification of Source of a Communication Channel vulnerability in Codesys Development System
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20, a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.
network
low complexity
codesys CWE-940
8.8
2023-07-28 CVE-2023-3670 Exposure of Resource to Wrong Sphere vulnerability in Codesys Development System and Scripting
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0, unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
local
low complexity
codesys CWE-668
7.3
2023-03-23 CVE-2022-4224 Insecure Default Initialization of Resource vulnerability in Codesys products
In multiple products of CODESYS v3 in multiple versions, a remote low-privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
network
low complexity
codesys CWE-1188
8.8