Codesys Control Runtime System Toolkit — known CVE vulnerabilities
Every CVE whose affected-product data names Codesys Control Runtime System Toolkit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (52)
CVE-2019-13548 — CVSS 9.8 (critical): CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could…
CVE-2019-18858 — CVSS 9.8 (critical): CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVE-2020-10245 — CVSS 9.8 (critical): CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
CVE-2022-47390 — CVSS 8.8 (high): An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47386 — CVSS 8.8 (high): An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47387 — CVSS 8.8 (high): An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47388 — CVSS 8.8 (high): An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47389 — CVSS 8.8 (high): An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-4046 — CVSS 8.8 (high): In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker…
CVE-2022-47379 — CVSS 8.8 (high): An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write…
CVE-2022-47380 — CVSS 8.8 (high): An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions…
CVE-2022-47381 — CVSS 8.8 (high): An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions…
CVE-2022-47382 — CVSS 8.8 (high): An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47383 — CVSS 8.8 (high): An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47384 — CVSS 8.8 (high): An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS…
CVE-2022-47385 — CVSS 8.8 (high): An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS…
CVE-2022-22515 — CVSS 8.1 (high): A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order…
CVE-2022-30791 — CVSS 7.5 (high): In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP…
CVE-2022-30792 — CVSS 7.5 (high): In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new…
CVE-2021-36763 — CVSS 7.5 (high): In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2019-13532 — CVSS 7.5 (high): CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow…
CVE-2021-29241 — CVSS 7.5 (high): CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVE-2022-47391 — CVSS 7.5 (high): In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to…
CVE-2022-22517 — CVSS 7.5 (high): An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and…
CVE-2022-22519 — CVSS 7.5 (high): A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of…
CVE-2021-29242 — CVSS 7.3 (high): CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change…
CVE-2022-22514 — CVSS 7.1 (high): An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to…
CVE-2023-37559 — CVSS 6.5 (medium): After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication…
CVE-2020-12068 — CVSS 6.5 (medium): An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to…
CVE-2020-7052 — CVSS 6.5 (medium): CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of…
CVE-2022-22513 — CVSS 6.5 (medium): An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which…
CVE-2022-22518 — CVSS 6.5 (medium): A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to…
CVE-2022-47378 — CVSS 6.5 (medium): Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may…
CVE-2022-47392 — CVSS 6.5 (medium): An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of…
CVE-2022-47393 — CVSS 6.5 (medium): An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in…
CVE-2023-37545 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37546 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37547 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37548 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37549 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37550 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37551 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication…
CVE-2023-37552 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37553 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37554 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37555 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37556 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37557 — CVSS 6.5 (medium): After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests…
CVE-2023-37558 — CVSS 6.5 (medium): After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication…
CVE-2022-22508 — CVSS 4.3 (medium): Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins…