Vulnerabilities > Codesys > HMI > 3.5.16.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-37551 | Unspecified vulnerability in Codesys products In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. | 6.5 |
| 2023-08-03 | CVE-2023-37552 | Unspecified vulnerability in Codesys products In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. | 6.5 |
| 2021-08-03 | CVE-2021-33485 | Out-of-bounds Write vulnerability in Codesys products CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | 9.8 |
| 2021-08-03 | CVE-2021-36763 | Files or Directories Accessible to External Parties vulnerability in Codesys products In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | 7.5 |
| 2021-05-03 | CVE-2021-29242 | Improper Input Validation vulnerability in Codesys products CODESYS Control Runtime system before 3.5.17.0 has improper input validation. | 7.3 |
| 2020-07-22 | CVE-2020-15806 | Memory Leak vulnerability in Codesys products CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. | 7.5 |