Vulnerabilities > Codesys > Remote Target Visu Toolkit > 3.5.16.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2022-22513 | Unspecified vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 |
| 2022-04-07 | CVE-2022-22514 | Unspecified vulnerability in Codesys products An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. | 7.1 |
| 2022-04-07 | CVE-2022-22517 | Use of Insufficiently Random Values vulnerability in Codesys products An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. | 7.5 |
| 2022-04-07 | CVE-2022-22519 | Unspecified vulnerability in Codesys products A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | 7.5 |
| 2021-08-03 | CVE-2021-33485 | Out-of-bounds Write vulnerability in Codesys products CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | 9.8 |
| 2021-08-03 | CVE-2021-36763 | Files or Directories Accessible to External Parties vulnerability in Codesys products In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | 7.5 |
| 2021-05-03 | CVE-2021-29242 | Improper Input Validation vulnerability in Codesys products CODESYS Control Runtime system before 3.5.17.0 has improper input validation. | 7.3 |