Vulnerabilities > Codesys > Plcwinnt

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-1965 Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple products of CODESYS implement a improper error handling.
network
low complexity
codesys CWE-755
8.1
2022-06-24 CVE-2022-31805 Unprotected Transport of Credentials vulnerability in Codesys products
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
network
low complexity
codesys CWE-523
7.5
2022-06-24 CVE-2022-31806 Insecure Default Initialization of Resource vulnerability in Codesys Plcwinnt and Runtime Toolkit
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
network
low complexity
codesys CWE-1188
critical
9.8
2022-06-24 CVE-2022-32136 Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service.
network
low complexity
codesys CWE-824
6.5
2022-06-24 CVE-2022-32137 Heap-based Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite.
network
low complexity
codesys CWE-122
8.8
2022-06-24 CVE-2022-32138 Unexpected Sign Extension vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.
network
low complexity
codesys CWE-194
8.8
2022-06-24 CVE-2022-32139 Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition.
network
low complexity
codesys CWE-125
6.5
2022-06-24 CVE-2022-32140 Classic Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition.
network
low complexity
codesys CWE-120
6.5
2022-06-24 CVE-2022-32141 Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS Products are prone to a buffer over read.
network
low complexity
codesys CWE-125
6.5
2022-06-24 CVE-2022-32142 Use of Out-of-range Pointer Offset vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS Products are prone to a out-of bounds read or write access.
network
low complexity
codesys CWE-823
8.1