Vulnerabilities > Codesys > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-6876 Out-of-bounds Read vulnerability in Codesys Oscat Basic Library
Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.
local
low complexity
codesys CWE-125
4.4
2023-08-03 CVE-2023-37551 Unspecified vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller.
network
low complexity
codesys
6.5
2023-08-03 CVE-2023-37552 Unspecified vulnerability in Codesys products
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.
network
low complexity
codesys
6.5
2023-05-15 CVE-2022-47378 Improper Input Validation vulnerability in Codesys products
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability.
network
low complexity
codesys CWE-20
6.5
2022-08-23 CVE-2022-1989 Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
network
low complexity
codesys CWE-203
5.3
2022-06-24 CVE-2022-32136 Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service.
network
low complexity
codesys CWE-824
6.5
2022-04-07 CVE-2022-22513 Unspecified vulnerability in Codesys products
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
network
low complexity
codesys
6.5
2021-10-26 CVE-2021-34596 Unspecified vulnerability in Codesys Plcwinnt and Runtime Toolkit
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
network
low complexity
codesys
6.5
2021-05-25 CVE-2021-30187 OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
local
low complexity
codesys CWE-78
5.3
2020-05-14 CVE-2020-12068 Unspecified vulnerability in Codesys products
An issue was discovered in CODESYS Development System before 3.5.16.0.
network
low complexity
codesys
6.5