Every CVE whose affected-product data names Codesys Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2022-31802 — CVSS 9.8 (critical): In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS…
CVE-2019-9010 — CVSS 9.8 (critical): An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication…
CVE-2019-9009 — CVSS 7.5 (high): An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CVE-2019-9012 — CVSS 7.5 (high): An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the…
CVE-2021-29241 — CVSS 7.5 (high): CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVE-2018-20026 — CVSS 7.5 (high): Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2022-22517 — CVSS 7.5 (high): An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and…
CVE-2022-30791 — CVSS 7.5 (high): In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP…
CVE-2022-30792 — CVSS 7.5 (high): In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new…
CVE-2022-31804 — CVSS 7.5 (high): The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may…
CVE-2022-31805 — CVSS 7.5 (high): In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and…
CVE-2021-36764 — CVSS 7.5 (high): In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer…
CVE-2021-29242 — CVSS 7.3 (high): CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change…
CVE-2022-22514 — CVSS 7.1 (high): An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to…
CVE-2020-7052 — CVSS 6.5 (medium): CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of…
CVE-2022-22513 — CVSS 6.5 (medium): An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which…
CVE-2022-31803 — CVSS 5.3 (medium): In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume…