Every CVE whose affected-product data names Codesys Control Win, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2019-13548 — CVSS 9.8 (critical): CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could…
CVE-2020-10245 — CVSS 9.8 (critical): CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
CVE-2019-18858 — CVSS 9.8 (critical): CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVE-2018-25048 — CVSS 8.8 (high): The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access…
CVE-2019-9008 — CVSS 8.8 (high): An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
CVE-2022-30792 — CVSS 7.5 (high): In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new…
CVE-2019-9009 — CVSS 7.5 (high): An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CVE-2019-13532 — CVSS 7.5 (high): CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow…
CVE-2022-30791 — CVSS 7.5 (high): In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP…
CVE-2021-29242 — CVSS 7.3 (high): CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change…
CVE-2020-7052 — CVSS 6.5 (medium): CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of…
CVE-2020-12068 — CVSS 6.5 (medium): An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to…
CVE-2019-13542 — CVSS 6.5 (medium): 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests…