Codesys Control Rte vulnerabilities
46 known vulnerabilities affecting codesys/codesys_control_rte.
Total CVEs
46
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH26MEDIUM20
Vulnerabilities
Page 2 of 3
CVE-2023-37554MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37554 [MEDIUM] CWE-20 CODESYS Improper Input Validation in CmpAppBP
CODESYS Improper Input Validation in CmpAppBP
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-3
cvelistv5
CVE-2023-37549MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37549 [MEDIUM] CWE-20 CODESYS: Improper Input Validation in CmpApp component
CODESYS: Improper Input Validation in CmpApp component
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-3
cvelistv5
CVE-2022-47384HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47384 [HIGH] CWE-787 CVE-2022-47384: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47386HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47386 [HIGH] CWE-787 CVE-2022-47386: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47381HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47381 [HIGH] CWE-787 CVE-2022-47381: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47383HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47383 [HIGH] CWE-787 CVE-2022-47383: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47382HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47382 [HIGH] CWE-787 CVE-2022-47382: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47385HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47385 [HIGH] CWE-787 CVE-2022-47385: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47390HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47390 [HIGH] CWE-787 CVE-2022-47390: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47380HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47380 [HIGH] CWE-787 CVE-2022-47380: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multipl
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47389HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47389 [HIGH] CWE-787 CVE-2022-47389: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47387HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47387 [HIGH] CWE-787 CVE-2022-47387: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47379HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47379 [HIGH] CWE-787 CVE-2022-47379: An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS pr
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47388HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47388 [HIGH] CWE-787 CVE-2022-47388: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
cvelistv5nvd
CVE-2022-47391HIGHCVSS 7.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47391 [HIGH] CWE-20 CVE-2022-47391: In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a imprope
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
cvelistv5nvd
CVE-2022-47393MEDIUMCVSS 6.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47393 [MEDIUM] CWE-119 CVE-2022-47393: An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
cvelistv5nvd
CVE-2022-47378MEDIUMCVSS 6.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47378 [MEDIUM] CWE-20 CVE-2022-47378: Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerabilit
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
cvelistv5nvd
CVE-2022-47392MEDIUMCVSS 6.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47392 [MEDIUM] CWE-20 CVE-2022-47392: An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/Cm
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
cvelistv5nvd
CVE-2022-30792HIGHCVSS 7.5≥ V3, < V3.5.18.202022-07-11
CVE-2022-30792 [HIGH] CWE-400 CVE-2022-30792: In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
cvelistv5nvd
CVE-2022-30791HIGHCVSS 7.5≥ V3, < V3.5.18.202022-07-11
CVE-2022-30791 [HIGH] CWE-400 CVE-2022-30791: In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an u
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
cvelistv5nvd