Every CVE whose affected-product data names Codesys Plcwinnt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2022-31806 — CVSS 9.8 (critical): In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no…
CVE-2022-32143 — CVSS 8.8 (high): In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware…
CVE-2022-32137 — CVSS 8.8 (high): In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting…
CVE-2022-32138 — CVSS 8.8 (high): In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a…
CVE-2021-34595 — CVSS 8.1 (high): A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and…
CVE-2022-1965 — CVSS 8.1 (high): Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not…
CVE-2022-32142 — CVSS 8.1 (high): Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with…
CVE-2022-31805 — CVSS 7.5 (high): In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and…
CVE-2021-34593 — CVSS 7.5 (high): In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in…
CVE-2019-19789 — CVSS 6.5 (medium): 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before…
CVE-2022-32139 — CVSS 6.5 (medium): In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a…
CVE-2022-32140 — CVSS 6.5 (medium): Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer…
CVE-2022-32141 — CVSS 6.5 (medium): Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset…
CVE-2022-32136 — CVSS 6.5 (medium): In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer…
CVE-2021-34596 — CVSS 6.5 (medium): A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to…