Codesys Control For Linux Sl vulnerabilities

48 known vulnerabilities affecting codesys/codesys_control_for_linux_sl.

Total CVEs: 48
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 26, MEDIUM 22

Vulnerabilities

Page 2 of 3
CVE-2023-37557 | MEDIUM | CVSS 6.5 | fixed in V4.10.0.0 | 2023-08-03
CWE-787: After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
Sources: cvelistv5, nvd
CVE-2023-37547 | MEDIUM | CVSS 6.5 | fixed in V4.10.0.0 | 2023-08-03
CWE-20: CODESYS: Improper Input Validation in CmpApp component. In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-3
Sources: cvelistv5
CVE-2023-37554 | MEDIUM | CVSS 6.5 | fixed in V4.10.0.0 | 2023-08-03
CWE-20: CODESYS Improper Input Validation in CmpAppBP. In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-3
Sources: cvelistv5
CVE-2023-37549 | MEDIUM | CVSS 6.5 | fixed in V4.10.0.0 | 2023-08-03
CWE-20: CODESYS: Improper Input Validation in CmpApp component. In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-3
Sources: cvelistv5
CVE-2022-47384 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47386 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47381 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47383 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47382 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47385 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47390 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47380 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47389 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47387 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47379 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use an out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47388 | HIGH | CVSS 8.8 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-787: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Sources: cvelistv5, nvd
CVE-2022-47391 | HIGH | CVSS 7.5 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-20: In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of service.
Sources: cvelistv5, nvd
CVE-2022-47393 | MEDIUM | CVSS 6.5 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-119: An authenticated, remote attacker may use an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
Sources: cvelistv5, nvd
CVE-2022-47378 | MEDIUM | CVSS 6.5 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-20: Multiple CODESYS products in multiple versions are prone to an improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
Sources: cvelistv5, nvd
CVE-2022-47392 | MEDIUM | CVSS 6.5 | ≥ V0.0.0.0, < V4.8.0.0 | 2023-05-15
CWE-20: An authenticated, remote attacker may use an improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
Sources: cvelistv5, nvd