Skip to main content

Development System

39 CVEs product

Monthly

CVE-2023-3669 LOW Monitor

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-37559 MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37558 MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37557 MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl +13
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37556 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37555 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37554 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37553 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37552 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37551 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl +13
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-37550 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37549 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37548 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37547 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37546 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3663 HIGH This Week

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-3662 HIGH This Week

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-37545 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3670 HIGH This Week

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System Scripting
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-30792 HIGH This Week

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Sl Control For Linux Sl +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-30791 HIGH This Week

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Sl Control For Linux Sl +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-31805 HIGH This Week

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System Edge Gateway Gateway Hmi Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-22519 HIGH This Week

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +14
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22517 HIGH This Week

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-22516 HIGH This Week

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Control Rte Sl Control Rte Sl For Beckhoff Cx Control Win Sl +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-22515 HIGH This Week

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +14
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-22514 HIGH This Week

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +16
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2022-22513 MEDIUM This Month

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl +17
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21863 HIGH PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-21866 HIGH POC PATCH This Week

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-21865 HIGH PATCH This Week

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-21864 HIGH POC PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-29240 HIGH POC This Week

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-29241 HIGH This Week

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-29239 HIGH This Week

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-12068 MEDIUM This Month

An issue was discovered in CODESYS Development System before 3.5.16.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Pfc100 +8
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-9012 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-9010 CRITICAL Act Now

An issue was discovered in 3S-Smart CODESYS V3 products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +6
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-9013 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +8
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 3.3
LOW Monitor

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Control For Beaglebone Sl +15
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Control For Beaglebone Sl +15
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +14
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System Scripting
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System Edge Gateway +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Control For Beaglebone Sl Control For Beckhoff Cx9020 +16
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Control For Beaglebone Sl Control For Beckhoff Cx9020 +18
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Control Rte Sl +3
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Beckhoff Cx9020 +16
NVD
EPSS 1% CVSS 7.1
HIGH This Week

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Beckhoff Cx9020 +18
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl +19
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Development System
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Development System
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Development System
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Development System
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Development System
NVD
EPSS 0% CVSS 7.5
HIGH This Week

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in CODESYS Development System before 3.5.16.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control For Beaglebone Control For Empc A Imx6 +10
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Empc A Imx6 Sl +8
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in 3S-Smart CODESYS V3 products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +8
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy