Vulnerabilities > Codesys > Gateway > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2022-30791 Resource Exhaustion vulnerability in Codesys products
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections.
network
low complexity
codesys CWE-400
7.5
2022-07-11 CVE-2022-30792 Resource Exhaustion vulnerability in Codesys products
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections.
network
low complexity
codesys CWE-400
7.5
2022-06-24 CVE-2022-31804 Uncontrolled Memory Allocation vulnerability in Codesys Gateway
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits.
network
low complexity
codesys CWE-789
7.5
2022-06-24 CVE-2022-31805 Unprotected Transport of Credentials vulnerability in Codesys products
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
network
low complexity
codesys CWE-523
7.5
2022-04-07 CVE-2022-22514 Untrusted Pointer Dereference vulnerability in Codesys products
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request.
network
low complexity
codesys CWE-822
7.1
2022-04-07 CVE-2022-22517 Use of Insufficiently Random Values vulnerability in Codesys products
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets.
network
low complexity
codesys CWE-330
7.5
2021-08-04 CVE-2021-36764 NULL Pointer Dereference vulnerability in Codesys Gateway
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference.
network
low complexity
codesys CWE-476
7.5
2021-05-03 CVE-2021-29241 NULL Pointer Dereference vulnerability in Codesys products
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
network
low complexity
codesys CWE-476
7.5
2021-05-03 CVE-2021-29242 Improper Input Validation vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.0 has improper input validation.
network
low complexity
codesys CWE-20
7.3
2019-09-17 CVE-2019-9009 Improper Handling of Exceptional Conditions vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 .
network
low complexity
codesys CWE-755
7.5