Vulnerabilities > Codesys > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-6357 | OS Command Injection vulnerability in Codesys products A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. | 8.8 |
| 2023-08-03 | CVE-2022-4046 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys products In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. | 8.8 |
| 2023-08-03 | CVE-2023-3662 | Uncontrolled Search Path Element vulnerability in Codesys Development System In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . | 7.3 |
| 2023-08-03 | CVE-2023-3663 | Insufficient Verification of Data Authenticity vulnerability in Codesys Development System In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | 8.8 |
| 2023-07-28 | CVE-2023-3670 | Exposure of Resource to Wrong Sphere vulnerability in Codesys Development System and Scripting In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | 7.3 |
| 2023-05-15 | CVE-2022-47379 | Out-of-bounds Write vulnerability in Codesys products An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2023-05-15 | CVE-2022-47380 | Out-of-bounds Write vulnerability in Codesys products An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2023-05-15 | CVE-2022-47381 | Out-of-bounds Write vulnerability in Codesys products An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2023-05-15 | CVE-2022-47382 | Out-of-bounds Write vulnerability in Codesys products An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |
| 2023-05-15 | CVE-2022-47383 | Out-of-bounds Write vulnerability in Codesys products An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 |