Vulnerabilities > Codesys > Runtime Toolkit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2022-4224 | Unspecified vulnerability in Codesys products In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 8.8 |
| 2022-06-24 | CVE-2022-32136 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. | 6.5 |
| 2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |
| 2021-10-26 | CVE-2021-34596 | Unspecified vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | 6.5 |
| 2021-08-03 | CVE-2021-33486 | Improper Handling of Exceptional Conditions vulnerability in Codesys Runtime Toolkit All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | 7.5 |
| 2021-05-25 | CVE-2021-30186 | Out-of-bounds Write vulnerability in Codesys Plcwinnt and Runtime Toolkit CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | 7.5 |
| 2021-05-25 | CVE-2021-30195 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. | 7.5 |
| 2021-05-25 | CVE-2021-30187 | OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54 CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | 5.3 |
| 2019-12-20 | CVE-2019-19789 | NULL Pointer Dereference vulnerability in Codesys Plcwinnt, Runtime Toolkit and SP Realtime NT 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. | 6.5 |
| 2019-08-15 | CVE-2019-9013 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Codesys products An issue was discovered in 3S-Smart CODESYS V3 products. | 8.8 |