Vulnerabilities > Codesys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2022-22513 | Unspecified vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 |
| 2022-04-07 | CVE-2022-22514 | Unspecified vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 7.1 |
| 2022-04-07 | CVE-2022-22516 | Unspecified vulnerability in Codesys products The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | 7.8 |
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 7.5 |
| 2022-04-07 | CVE-2022-22519 | Unspecified vulnerability in Codesys products A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | 7.5 |
| 2022-02-02 | CVE-2022-22510 | NULL Pointer Dereference vulnerability in Codesys Profinet 4.2.0.0 Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. | 7.5 |
| 2021-12-01 | CVE-2021-34599 | Unspecified vulnerability in Codesys GIT Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. | 7.4 |
| 2021-10-26 | CVE-2021-34583 | Out-of-bounds Write vulnerability in Codesys Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 7.5 |
| 2021-10-26 | CVE-2021-34584 | Unspecified vulnerability in Codesys Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 9.1 |
| 2021-10-26 | CVE-2021-34586 | NULL Pointer Dereference vulnerability in Codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 7.5 |