Vulnerabilities > Codesys > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-31802 Partial String Comparison vulnerability in Codesys Gateway
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the specified password is compared to the real CODESYS Gateway password.
network
low complexity
codesys CWE-187
critical
9.8
2022-06-24 CVE-2022-31806 Insecure Default Initialization of Resource vulnerability in Codesys Plcwinnt and Runtime Toolkit
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
network
low complexity
codesys CWE-1188
critical
9.8
2021-10-26 CVE-2021-34584 Buffer Over-read vulnerability in Codesys
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
network
low complexity
codesys CWE-126
critical
9.1
2021-08-03 CVE-2021-33485 Out-of-bounds Write vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
network
low complexity
codesys CWE-787
critical
9.8
2021-05-25 CVE-2021-30188 Out-of-bounds Write vulnerability in Codesys V2 Runtime System SP
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
network
low complexity
codesys CWE-787
critical
9.8
2021-05-25 CVE-2021-30189 Out-of-bounds Write vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
network
low complexity
codesys CWE-787
critical
9.8
2021-05-25 CVE-2021-30190 Missing Authentication for Critical Function vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
network
low complexity
codesys CWE-306
critical
9.8
2021-05-25 CVE-2021-30192 Unspecified vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
network
low complexity
codesys
critical
9.8
2021-05-25 CVE-2021-30193 Out-of-bounds Write vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
network
low complexity
codesys CWE-787
critical
9.8
2021-05-25 CVE-2021-30194 Out-of-bounds Read vulnerability in Codesys V2 web Server
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
network
low complexity
codesys CWE-125
critical
9.1