Vulnerabilities > Codesys

DATE CVE VULNERABILITY TITLE RISK
2021-05-25 CVE-2021-30192 Unspecified vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
network
low complexity
codesys
7.5
2021-05-25 CVE-2021-30193 Out-of-bounds Write vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
network
low complexity
codesys CWE-787
7.5
2021-05-25 CVE-2021-30194 Out-of-bounds Read vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
network
low complexity
codesys CWE-125
6.4
2021-05-25 CVE-2021-30195 Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
network
low complexity
codesys CWE-125
5.0
2021-05-25 CVE-2021-30187 OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
local
low complexity
codesys CWE-78
4.6
2021-05-04 CVE-2021-29240 Unspecified vulnerability in Codesys Development System
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
network
codesys
6.8
2021-05-03 CVE-2021-29241 NULL Pointer Dereference vulnerability in Codesys products
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
network
low complexity
codesys CWE-476
5.0
2021-05-03 CVE-2021-29238 Cross-Site Request Forgery (CSRF) vulnerability in Codesys Automation Server
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
network
codesys CWE-352
6.8
2021-05-03 CVE-2021-29242 Improper Input Validation vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.0 has improper input validation.
network
low complexity
codesys CWE-20
7.5
2020-07-22 CVE-2020-15806 Allocation of Resources Without Limits or Throttling vulnerability in Codesys products
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
network
low complexity
codesys CWE-770
5.0