Vulnerabilities > Codesys > Runtime Toolkit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-6357 | OS Command Injection vulnerability in Codesys products A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. | 8.8 |
| 2023-03-23 | CVE-2022-4224 | Insecure Default Initialization of Resource vulnerability in Codesys products In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 8.8 |
| 2022-06-24 | CVE-2022-1965 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple products of CODESYS implement a improper error handling. | 8.1 |
| 2022-06-24 | CVE-2022-31805 | Unprotected Transport of Credentials vulnerability in Codesys products In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | 7.5 |
| 2022-06-24 | CVE-2022-31806 | Insecure Default Initialization of Resource vulnerability in Codesys Plcwinnt and Runtime Toolkit In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller. | 9.8 |
| 2022-06-24 | CVE-2022-32136 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. | 6.5 |
| 2022-06-24 | CVE-2022-32137 | Heap-based Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. | 8.8 |
| 2022-06-24 | CVE-2022-32138 | Unexpected Sign Extension vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 8.8 |
| 2022-06-24 | CVE-2022-32139 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. | 6.5 |
| 2022-06-24 | CVE-2022-32140 | Classic Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. | 6.5 |