Vulnerabilities > Codesys > Plcwinnt > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-1965 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple products of CODESYS implement a improper error handling. | 8.1 |
| 2022-06-24 | CVE-2022-31805 | Unprotected Transport of Credentials vulnerability in Codesys products In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | 7.5 |
| 2022-06-24 | CVE-2022-32137 | Heap-based Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. | 8.8 |
| 2022-06-24 | CVE-2022-32138 | Unexpected Sign Extension vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 8.8 |
| 2022-06-24 | CVE-2022-32142 | Use of Out-of-range Pointer Offset vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a out-of bounds read or write access. | 8.1 |
| 2022-06-24 | CVE-2022-32143 | Files or Directories Accessible to External Parties vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. | 8.8 |
| 2021-10-26 | CVE-2021-34593 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. | 7.5 |
| 2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |
| 2021-05-25 | CVE-2021-30186 | Out-of-bounds Write vulnerability in Codesys Plcwinnt and Runtime Toolkit CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | 7.5 |
| 2021-05-25 | CVE-2021-30195 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. | 7.5 |