Vulnerabilities > Codesys > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-1965 Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple CODESYS products implement improper error handling.
network
low complexity
codesys CWE-755
8.1
2022-06-24 CVE-2022-31802 Partial String Comparison vulnerability in Codesys Gateway
In CODESYS Gateway Server V2 versions prior to V2.3.9.38, only a part of the specified password is compared to the real CODESYS Gateway password.
network
low complexity
codesys CWE-187
7.5
2022-06-24 CVE-2022-31805 Unprotected Transport of Credentials vulnerability in Codesys products
In the CODESYS Development System, multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
network
low complexity
codesys CWE-523
7.5
2022-04-07 CVE-2022-22516 Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
local
low complexity
codesys CWE-732
7.2
2021-10-26 CVE-2021-34595 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
network
low complexity
codesys CWE-119
8.1
2021-08-25 CVE-2021-21869 Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8
2021-08-05 CVE-2021-21863 Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8
2021-08-03 CVE-2021-33485 Out-of-bounds Write vulnerability in Codesys products
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
network
low complexity
codesys CWE-787
7.5
2021-08-02 CVE-2021-21864 Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8
2021-08-02 CVE-2021-21866 Deserialization of Untrusted Data vulnerability in Codesys Development System 3.5.16.0/3.5.17.0
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.
local
low complexity
codesys CWE-502
7.8