Codesys Development System V3 vulnerabilities
30 known vulnerabilities affecting codesys/codesys_development_system_v3.
Total CVEs
30
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH21MEDIUM9
Vulnerabilities
Page 1 of 2
CVE-2023-5751HIGHCVSS 7.8fixed in 3.5.20.102024-06-04
CVE-2023-5751 [HIGH] CWE-668 CVE-2023-5751: A local attacker with low privileges can read and modify any users files and cause a DoS in the work
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.
nvd
CVE-2023-37552MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37552 [MEDIUM] CWE-20 CVE-2023-37552: In multiple versions of multiple Codesys products, after successful authentication as a user, specif
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CV
nvd
CVE-2023-37558MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37558 [MEDIUM] CWE-20 CVE-2023-37558: After successful authentication as a user in multiple Codesys products in multiple versions, specifi
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559
nvd
CVE-2023-37545MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37545 [MEDIUM] CWE-20 CVE-2023-37545: In multiple Codesys products in multiple versions, after successful authentication as a user, specif
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-
nvd
CVE-2023-37557MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37557 [MEDIUM] CWE-787 CVE-2023-37557: After successful authentication as a user in multiple Codesys products in multiple versions, specifi
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
nvd
CVE-2023-37551MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37551 [MEDIUM] CWE-552 CVE-2023-37551: In multiple Codesys products in multiple versions, after successful authentication as a user, specia
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed her
nvd
CVE-2022-47384HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47384 [HIGH] CWE-787 CVE-2022-47384: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47386HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47386 [HIGH] CWE-787 CVE-2022-47386: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47381HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47381 [HIGH] CWE-787 CVE-2022-47381: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47382HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47382 [HIGH] CWE-787 CVE-2022-47382: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47390HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47390 [HIGH] CWE-787 CVE-2022-47390: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47383HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47383 [HIGH] CWE-787 CVE-2022-47383: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47389HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47389 [HIGH] CWE-787 CVE-2022-47389: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47388HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47388 [HIGH] CWE-787 CVE-2022-47388: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47391HIGHCVSS 7.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47391 [HIGH] CWE-20 CVE-2022-47391: In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a imprope
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
nvd
CVE-2022-47379HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47379 [HIGH] CWE-787 CVE-2022-47379: An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS pr
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47387HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47387 [HIGH] CWE-787 CVE-2022-47387: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-4048HIGHCVSS 7.7≥ V0.0.0.0, < V3.5.18.402023-05-15
CVE-2022-4048 [HIGH] CWE-326 CVE-2022-4048: Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.
nvd
CVE-2022-47380HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47380 [HIGH] CWE-787 CVE-2022-47380: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multipl
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47385HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47385 [HIGH] CWE-787 CVE-2022-47385: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
1 / 2Next →