Vulnerabilities > Codesys > Development System > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 7.5 |
| 2022-04-07 | CVE-2022-22519 | Buffer Over-read vulnerability in Codesys products A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | 7.5 |
| 2021-08-05 | CVE-2021-21863 | Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0 A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
| 2021-08-02 | CVE-2021-21864 | Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0 A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
| 2021-08-02 | CVE-2021-21865 | Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0 A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. | 7.8 |
| 2021-08-02 | CVE-2021-21866 | Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0 A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
| 2021-05-04 | CVE-2021-29240 | Unspecified vulnerability in Codesys Development System The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | 7.8 |
| 2021-05-03 | CVE-2021-29241 | NULL Pointer Dereference vulnerability in Codesys products CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | 7.5 |
| 2021-05-03 | CVE-2021-29239 | Insufficient Verification of Data Authenticity vulnerability in Codesys Development System CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. | 7.8 |
| 2019-08-15 | CVE-2019-9012 | Allocation of Resources Without Limits or Throttling vulnerability in Codesys products An issue was discovered in 3S-Smart CODESYS V3 products. | 7.5 |