Vulnerabilities > Codesys > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-6876 | Out-of-bounds Read vulnerability in Codesys Oscat Basic Library: Out-of-Bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. | 4.4 |
2023-08-03 | CVE-2023-37551 | Unspecified vulnerability in Codesys products: In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. | 6.5 |
2023-08-03 | CVE-2023-37552 | Unspecified vulnerability in Codesys products: In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. | 6.5 |
2023-05-15 | CVE-2022-47378 | Improper Input Validation vulnerability in Codesys products: Multiple CODESYS products in multiple versions are prone to an improper input validation vulnerability. | 6.5 |
2022-08-23 | CVE-2022-1989 | Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0: All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | 5.3 |
2022-06-24 | CVE-2022-32136 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit: In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. | 6.5 |
2022-04-07 | CVE-2022-22513 | Unspecified vulnerability in Codesys products: An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 |
2021-10-26 | CVE-2021-34596 | Unspecified vulnerability in Codesys Plcwinnt and Runtime Toolkit: A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | 6.5 |
2021-05-25 | CVE-2021-30187 | OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54: CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | 5.3 |
2020-05-14 | CVE-2020-12068 | Unspecified vulnerability in Codesys products: An issue was discovered in CODESYS Development System before 3.5.16.0. | 6.5 |