Vulnerabilities > Codesys
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-26 | CVE-2021-34583 | Out-of-bounds Write vulnerability in Codesys: Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 7.5 |
2021-10-26 | CVE-2021-34584 | Buffer Over-read vulnerability in Codesys: Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 9.1 |
2021-10-26 | CVE-2021-34585 | Unchecked Return Value vulnerability in Codesys: In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. | 7.5 |
2021-10-26 | CVE-2021-34586 | NULL Pointer Dereference vulnerability in Codesys: In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 7.5 |
2021-10-26 | CVE-2021-34593 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit: In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. | 7.5 |
2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit: A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |
2021-10-26 | CVE-2021-34596 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit: A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | 6.5 |
2021-08-25 | CVE-2021-21869 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0: An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
2021-08-18 | CVE-2021-21867 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0: An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |
2021-08-18 | CVE-2021-21868 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0: An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | 7.8 |