| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| | | In CODESYS V3 web server before 220.127.116.11, files or directories are accessible to External Parties. | 17-08-2021 - 14:01 | 03-08-2021 - 16:15 |
| | | CODESYS Control Runtime system before 18.104.22.168 has a Heap-based Buffer Overflow. | 17-08-2021 - 13:14 | 03-08-2021 - 16:15 |
| | | CODESYS 3 web server before 22.214.171.124, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. | 22-11-2019 - 16:51 | 20-11-2019 - 18:15 |
| | | A bug in the CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components that are part of the applied security policy. | 12-05-2022 - 19:42 | 07-04-2022 - 19:15 |
| | | A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read, resulting in a crash of the webserver of the CODESYS Control runtime system. | 10-05-2022 - 15:22 | 07-04-2022 - 19:15 |
| | | An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed. | 18-04-2022 - 13:19 | 07-04-2022 - 19:15 |
| | | A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | 12-05-2022 - 19:37 | 07-04-2022 - 19:15 |
| | | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally | 10-05-2022 - 16:01 | 07-04-2022 - 19:15 |
| | | An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products, which leads to a crash. | 10-05-2022 - 16:00 | 07-04-2022 - 19:15 |