Vulnerabilities > Codesys > Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-11 | CVE-2022-30791 | Resource Exhaustion vulnerability in Codesys products In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. | 7.5 |
| 2022-07-11 | CVE-2022-30792 | Resource Exhaustion vulnerability in Codesys products In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. | 7.5 |
| 2022-06-24 | CVE-2022-31802 | Partial String Comparison vulnerability in Codesys Gateway In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. | 9.8 |
| 2022-06-24 | CVE-2022-31803 | Resource Exhaustion vulnerability in Codesys Gateway In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. | 5.3 |
| 2022-06-24 | CVE-2022-31804 | Uncontrolled Memory Allocation vulnerability in Codesys Gateway The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. | 7.5 |
| 2022-06-24 | CVE-2022-31805 | Unprotected Transport of Credentials vulnerability in Codesys products In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | 7.5 |
| 2022-04-07 | CVE-2022-22513 | NULL Pointer Dereference vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 |
| 2022-04-07 | CVE-2022-22514 | Untrusted Pointer Dereference vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 7.1 |
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 7.5 |
| 2021-08-04 | CVE-2021-36764 | NULL Pointer Dereference vulnerability in Codesys Gateway In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. | 7.5 |