Vulnerabilities > Codesys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-32137 | Heap-based Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. | 6.5 |
| 2022-06-24 | CVE-2022-32138 | Unexpected Sign Extension vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 6.5 |
| 2022-06-24 | CVE-2022-32139 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. | 4.0 |
| 2022-06-24 | CVE-2022-32140 | Classic Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. | 4.0 |
| 2022-06-24 | CVE-2022-32141 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a buffer over read. | 6.5 |
| 2022-06-24 | CVE-2022-32142 | Use of Out-of-range Pointer Offset vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a out-of bounds read or write access. | 5.5 |
| 2022-06-24 | CVE-2022-32143 | Files or Directories Accessible to External Parties vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. | 6.5 |
| 2022-04-07 | CVE-2022-22513 | NULL Pointer Dereference vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 3.5 |
| 2022-04-07 | CVE-2022-22514 | Untrusted Pointer Dereference vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 4.9 |
| 2022-04-07 | CVE-2022-22515 | Exposure of Resource to Wrong Sphere vulnerability in Codesys products A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | 4.9 |