Vulnerabilities > Codesys > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2021-30187 | OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54 CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | 5.3 |
| 2020-05-14 | CVE-2020-12068 | Unspecified vulnerability in Codesys products An issue was discovered in CODESYS Development System before 3.5.16.0. | 6.5 |
| 2020-01-24 | CVE-2020-7052 | Allocation of Resources Without Limits or Throttling vulnerability in Codesys products CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. | 6.5 |
| 2019-12-20 | CVE-2019-19789 | NULL Pointer Dereference vulnerability in Codesys Plcwinnt, Runtime Toolkit and SP Realtime NT 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. | 6.5 |
| 2019-09-17 | CVE-2019-13542 | NULL Pointer Dereference vulnerability in Codesys products 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. | 6.5 |