Vulnerabilities > Codesys > Runtime Toolkit > 2.4.7.54

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-32136 Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service.
network
low complexity
codesys CWE-824
6.5
2021-10-26 CVE-2021-34595 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
network
low complexity
codesys CWE-119
8.1
2021-10-26 CVE-2021-34596 Unspecified vulnerability in Codesys Plcwinnt and Runtime Toolkit
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
network
low complexity
codesys
6.5
2021-05-25 CVE-2021-30186 Out-of-bounds Write vulnerability in Codesys Plcwinnt and Runtime Toolkit
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
network
low complexity
codesys CWE-787
7.5
2021-05-25 CVE-2021-30195 Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
network
low complexity
codesys CWE-125
7.5
2021-05-25 CVE-2021-30187 OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
local
low complexity
codesys CWE-78
5.3