Skip to main content

Codesys Runtime System

6 CVEs product

Monthly

CVE-2018-5440 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Buffer Overflow Stack Overflow Codesys Runtime System +1
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2015-6482 MEDIUM This Month

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Codesys Runtime System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-0769 CRITICAL Act Now

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Softmotion Cecx X M1 Modular Controller Codesys Runtime System Cecx X C1 Modular Master Controller
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2014-0760 CRITICAL Act Now

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Authentication Bypass Codesys Runtime System Cecx X C1 Modular Master Controller +2
NVD VulDB
CVSS 2.0
9.3
EPSS
3.4%
CVE-2012-6069 CRITICAL Act Now

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codesys Runtime System
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2012-6068 CRITICAL Act Now

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Codesys Runtime System
NVD
CVSS 3.1
9.8
EPSS
4.4%
EPSS 3% CVSS 9.8
CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Codesys Runtime System
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Softmotion Cecx X M1 Modular Controller +2
NVD
EPSS 3% CVSS 9.3
CRITICAL Act Now

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Authentication Bypass +4
NVD VulDB
EPSS 2% CVSS 10.0
CRITICAL Act Now

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codesys Runtime System
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Codesys Runtime System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy