Vulnerabilities > Codesys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2022-4224 | Insecure Default Initialization of Resource vulnerability in Codesys products In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 8.8 |
| 2023-03-23 | CVE-2018-25048 | Path Traversal vulnerability in Codesys products The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | 8.8 |
| 2022-12-26 | CVE-2020-12069 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. | 7.8 |
| 2022-08-23 | CVE-2022-1989 | Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0 All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | 5.3 |
| 2022-07-11 | CVE-2022-1794 | Insufficiently Protected Credentials vulnerability in Codesys OPC DA Server The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | 5.5 |
| 2022-07-11 | CVE-2022-30791 | Resource Exhaustion vulnerability in Codesys products In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. | 7.5 |
| 2022-07-11 | CVE-2022-30792 | Resource Exhaustion vulnerability in Codesys products In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. | 7.5 |
| 2022-06-24 | CVE-2022-1965 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple products of CODESYS implement a improper error handling. | 8.1 |
| 2022-06-24 | CVE-2022-31802 | Partial String Comparison vulnerability in Codesys Gateway In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. | 9.8 |
| 2022-06-24 | CVE-2022-31803 | Resource Exhaustion vulnerability in Codesys Gateway In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. | 5.3 |