Codesys Runtime Toolkit — known CVE vulnerabilities
Every CVE whose affected-product data names Codesys Runtime Toolkit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2022-31806 — CVSS 9.8 (critical): In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no…
CVE-2022-4224 — CVSS 8.8 (high): In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify…
CVE-2023-6357 — CVSS 8.8 (high): A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which…
CVE-2022-32143 — CVSS 8.8 (high): In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware…
CVE-2022-32138 — CVSS 8.8 (high): In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a…
CVE-2019-9013 — CVSS 8.8 (high): An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user…
CVE-2022-32137 — CVSS 8.8 (high): In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting…
CVE-2022-1965 — CVSS 8.1 (high): Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not…
CVE-2022-32142 — CVSS 8.1 (high): Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with…
CVE-2021-34595 — CVSS 8.1 (high): A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and…
CVE-2025-41738 — CVSS 7.5 (high): An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a…
CVE-2021-33486 — CVSS 7.5 (high): All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of…
CVE-2021-34593 — CVSS 7.5 (high): In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in…
CVE-2022-31805 — CVSS 7.5 (high): In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and…
CVE-2022-32136 — CVSS 6.5 (medium): In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer…
CVE-2022-32141 — CVSS 6.5 (medium): Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset…
CVE-2022-32139 — CVSS 6.5 (medium): In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a…
CVE-2022-32140 — CVSS 6.5 (medium): Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer…
CVE-2021-34596 — CVSS 6.5 (medium): A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to…
CVE-2019-19789 — CVSS 6.5 (medium): 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before…
CVE-2021-30187 — CVSS 5.3 (medium): CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.