Vulnerabilities > Codesys > Runtime Toolkit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-32141 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a buffer over read. | 6.5 |
| 2022-06-24 | CVE-2022-32142 | Use of Out-of-range Pointer Offset vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a out-of bounds read or write access. | 8.1 |
| 2022-06-24 | CVE-2022-32143 | Files or Directories Accessible to External Parties vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. | 8.8 |
| 2021-10-26 | CVE-2021-34593 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. | 7.5 |
| 2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |
| 2021-10-26 | CVE-2021-34596 | Access of Uninitialized Pointer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | 6.5 |
| 2021-08-03 | CVE-2021-33486 | Improper Handling of Exceptional Conditions vulnerability in Codesys Runtime Toolkit All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | 7.5 |
| 2021-05-25 | CVE-2021-30186 | Out-of-bounds Write vulnerability in Codesys Plcwinnt and Runtime Toolkit CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | 7.5 |
| 2021-05-25 | CVE-2021-30195 | Out-of-bounds Read vulnerability in Codesys Plcwinnt and Runtime Toolkit CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. | 7.5 |
| 2021-05-25 | CVE-2021-30187 | OS Command Injection vulnerability in Codesys Runtime Toolkit 2.4.7.54 CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | 5.3 |