Vulnerabilities > Codesys > Runtime Toolkit > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-6357 | OS Command Injection vulnerability in Codesys products A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. | 8.8 |
| 2023-03-23 | CVE-2022-4224 | Insecure Default Initialization of Resource vulnerability in Codesys products In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 8.8 |
| 2022-06-24 | CVE-2022-1965 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple products of CODESYS implement a improper error handling. | 8.1 |
| 2022-06-24 | CVE-2022-31805 | Unprotected Transport of Credentials vulnerability in Codesys products In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | 7.5 |
| 2022-06-24 | CVE-2022-32137 | Heap-based Buffer Overflow vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. | 8.8 |
| 2022-06-24 | CVE-2022-32138 | Unexpected Sign Extension vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 8.8 |
| 2022-06-24 | CVE-2022-32142 | Use of Out-of-range Pointer Offset vulnerability in Codesys Plcwinnt and Runtime Toolkit Multiple CODESYS Products are prone to a out-of bounds read or write access. | 8.1 |
| 2022-06-24 | CVE-2022-32143 | Files or Directories Accessible to External Parties vulnerability in Codesys Plcwinnt and Runtime Toolkit In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. | 8.8 |
| 2021-10-26 | CVE-2021-34593 | Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. | 7.5 |
| 2021-10-26 | CVE-2021-34595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys Plcwinnt and Runtime Toolkit A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 8.1 |