Vulnerabilities > Codesys > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-23 | CVE-2022-1989 | Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0 All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | 5.3 |
| 2022-07-11 | CVE-2022-1794 | Insufficiently Protected Credentials vulnerability in Codesys OPC DA Server The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | 5.5 |
| 2022-06-24 | CVE-2022-31803 | Resource Exhaustion vulnerability in Codesys Gateway In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. | 5.3 |
| 2022-06-24 | CVE-2022-32136 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. | 6.5 |
| 2022-06-24 | CVE-2022-32139 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. | 6.5 |
| 2022-06-24 | CVE-2022-32140 | Classic Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. | 6.5 |
| 2022-06-24 | CVE-2022-32141 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a buffer over read. | 6.5 |
| 2022-04-07 | CVE-2022-22513 | NULL Pointer Dereference vulnerability in Codesys products An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 |
| 2022-04-07 | CVE-2022-22518 | Incorrect Default Permissions vulnerability in Codesys products A bug in CmpUserMgr component can lead to only partially applied security policies. | 6.5 |
| 2021-10-26 | CVE-2021-34596 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | 6.5 |