Codesys Safety Sil2 Runtime Toolkit vulnerabilities
21 known vulnerabilities affecting codesys/codesys_safety_sil2_runtime_toolkit.
Total CVEs
21
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH13MEDIUM8
Vulnerabilities
Page 1 of 2
CVE-2023-37552MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37552 [MEDIUM] CWE-20 CVE-2023-37552: In multiple versions of multiple Codesys products, after successful authentication as a user, specif
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CV
nvd
CVE-2023-37558MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37558 [MEDIUM] CWE-20 CVE-2023-37558: After successful authentication as a user in multiple Codesys products in multiple versions, specifi
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559
nvd
CVE-2023-37545MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37545 [MEDIUM] CWE-20 CVE-2023-37545: In multiple Codesys products in multiple versions, after successful authentication as a user, specif
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-
nvd
CVE-2023-37557MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37557 [MEDIUM] CWE-787 CVE-2023-37557: After successful authentication as a user in multiple Codesys products in multiple versions, specifi
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
nvd
CVE-2023-37551MEDIUMCVSS 6.5fixed in V3.5.19.202023-08-03
CVE-2023-37551 [MEDIUM] CWE-552 CVE-2023-37551: In multiple Codesys products in multiple versions, after successful authentication as a user, specia
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed her
nvd
CVE-2022-47384HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47384 [HIGH] CWE-787 CVE-2022-47384: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47386HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47386 [HIGH] CWE-787 CVE-2022-47386: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47381HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47381 [HIGH] CWE-787 CVE-2022-47381: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47382HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47382 [HIGH] CWE-787 CVE-2022-47382: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47390HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47390 [HIGH] CWE-787 CVE-2022-47390: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47383HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47383 [HIGH] CWE-787 CVE-2022-47383: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47389HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47389 [HIGH] CWE-787 CVE-2022-47389: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47388HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47388 [HIGH] CWE-787 CVE-2022-47388: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47391HIGHCVSS 7.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47391 [HIGH] CWE-20 CVE-2022-47391: In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a imprope
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
nvd
CVE-2022-47379HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47379 [HIGH] CWE-787 CVE-2022-47379: An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS pr
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47387HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47387 [HIGH] CWE-787 CVE-2022-47387: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpT
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47380HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47380 [HIGH] CWE-787 CVE-2022-47380: An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multipl
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47385HIGHCVSS 8.8≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47385 [HIGH] CWE-787 CVE-2022-47385: An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the Cmp
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
nvd
CVE-2022-47392MEDIUMCVSS 6.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47392 [MEDIUM] CWE-20 CVE-2022-47392: An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/Cm
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
nvd
CVE-2022-47393MEDIUMCVSS 6.5≥ V0.0.0.0, < V3.5.19.02023-05-15
CVE-2022-47393 [MEDIUM] CWE-119 CVE-2022-47393: An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
nvd
1 / 2Next →