Vulnerabilities > Codesys > HMI > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2018-25048 Path Traversal vulnerability in Codesys products
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
network
low complexity
codesys CWE-22
8.8
2022-07-11 CVE-2022-30791 Resource Exhaustion vulnerability in Codesys products
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections.
network
low complexity
codesys CWE-400
7.5
2022-07-11 CVE-2022-30792 Resource Exhaustion vulnerability in Codesys products
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections.
network
low complexity
codesys CWE-400
7.5
2021-08-03 CVE-2021-36763 Files or Directories Accessible to External Parties vulnerability in Codesys products
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
network
low complexity
codesys CWE-552
7.5
2021-05-03 CVE-2021-29242 Improper Input Validation vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.0 has improper input validation.
network
low complexity
codesys CWE-20
7.3
2020-07-22 CVE-2020-15806 Memory Leak vulnerability in Codesys products
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
network
low complexity
codesys CWE-401
7.5
2019-09-17 CVE-2019-9009 Improper Handling of Exceptional Conditions vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 .
network
low complexity
codesys CWE-755
7.5
2019-09-17 CVE-2019-9008 Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30.
network
low complexity
codesys CWE-732
8.8
2019-09-13 CVE-2019-13532 Path Traversal vulnerability in Codesys products
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
network
low complexity
codesys CWE-22
7.5