Codesys Development System — known CVE vulnerabilities
Every CVE whose affected-product data names Codesys Development System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2019-9010 — CVSS 9.8 (critical): An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication…
CVE-2019-9013 — CVSS 8.8 (high): An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user…
CVE-2023-3663 — CVSS 8.8 (high): In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote…
CVE-2022-4224 — CVSS 8.8 (high): In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify…
CVE-2022-22515 — CVSS 8.1 (high): A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order…
CVE-2021-21864 — CVSS 7.8 (high): A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH…
CVE-2021-21865 — CVSS 7.8 (high): A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH…
CVE-2021-21866 — CVSS 7.8 (high): A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH…
CVE-2021-29239 — CVSS 7.8 (high): CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking…
CVE-2021-29240 — CVSS 7.8 (high): The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be…
CVE-2022-22516 — CVSS 7.8 (high): The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted…
CVE-2026-44468 — CVSS 7.8 (high): The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged…
CVE-2021-21863 — CVSS 7.8 (high): A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development…
CVE-2026-44469 — CVSS 7.8 (high): The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative…
CVE-2022-22517 — CVSS 7.5 (high): An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and…
CVE-2019-9012 — CVSS 7.5 (high): An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the…
CVE-2021-29241 — CVSS 7.5 (high): CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVE-2022-22519 — CVSS 7.5 (high): A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of…
CVE-2022-30791 — CVSS 7.5 (high): In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP…
CVE-2022-30792 — CVSS 7.5 (high): In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new…
CVE-2022-31805 — CVSS 7.5 (high): In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and…
CVE-2023-3662 — CVSS 7.3 (high): In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the…
CVE-2023-3670 — CVSS 7.3 (high): In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an…
CVE-2022-22514 — CVSS 7.1 (high): An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to…
CVE-2023-37547 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37548 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37549 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37550 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37551 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication…
CVE-2023-37552 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37553 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37554 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37555 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37556 — CVSS 6.5 (medium): In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication…
CVE-2023-37557 — CVSS 6.5 (medium): After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests…
CVE-2023-37558 — CVSS 6.5 (medium): After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication…
CVE-2023-37559 — CVSS 6.5 (medium): After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication…
CVE-2022-22513 — CVSS 6.5 (medium): An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which…
CVE-2020-12068 — CVSS 6.5 (medium): An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to…
CVE-2023-37545 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-37546 — CVSS 6.5 (medium): In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication…
CVE-2023-3669 — CVSS 3.3 (low): A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of…