Vulnerabilities > Codesys

DATE CVE VULNERABILITY TITLE RISK
2021-05-03 CVE-2021-29241 NULL Pointer Dereference vulnerability in Codesys products
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
network
low complexity
codesys CWE-476
7.5
7.5
2021-05-03 CVE-2021-29238 Cross-Site Request Forgery (CSRF) vulnerability in Codesys Automation Server
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
network
low complexity
codesys CWE-352
8.8
8.8
2021-05-03 CVE-2021-29239 Insufficient Verification of Data Authenticity vulnerability in Codesys Development System
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
local
low complexity
codesys CWE-345
7.8
7.8
2021-05-03 CVE-2021-29242 Improper Input Validation vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.0 has improper input validation.
network
low complexity
codesys CWE-20
7.3
7.3
2020-07-22 CVE-2020-15806 Memory Leak vulnerability in Codesys products
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
network
low complexity
codesys CWE-401
7.5
7.5
2020-05-14 CVE-2020-12068 Unspecified vulnerability in Codesys products
An issue was discovered in CODESYS Development System before 3.5.16.0.
network
low complexity
codesys
6.5
6.5
2020-05-07 CVE-2020-6081 Insufficient Verification of Data Authenticity vulnerability in Codesys Runtime 3.5.14.30
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30.
network
low complexity
codesys CWE-345
8.8
8.8
2020-03-26 CVE-2019-5105 Out-of-bounds Write vulnerability in Codesys 3.5.13.2
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService.
network
low complexity
codesys CWE-787
7.5
7.5
2020-03-26 CVE-2020-10245 Out-of-bounds Write vulnerability in Codesys products
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
network
low complexity
codesys CWE-787
critical
 9.8
9.8
2020-01-24 CVE-2020-7052 Allocation of Resources Without Limits or Throttling vulnerability in Codesys products
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
network
low complexity
codesys CWE-770
6.5
6.5