Codesys Development System vulnerabilities

CVE-2023-3670 [HIGH] CWE-668 CVE-2023-3670: In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe di In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CVE-2022-4224 [HIGH] CWE-1188 CVE-2022-4224: In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize t In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

CVE-2022-30792 [HIGH] CWE-400 CVE-2022-30792: In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

CVE-2022-30791 [HIGH] CWE-400 CVE-2022-30791: In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an u In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

CVE-2022-31805 [HIGH] CWE-523 CVE-2022-31805: In the CODESYS Development System multiple components in multiple versions transmit the passwords fo In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CVE-2022-22515 [HIGH] CWE-668 CVE-2022-22515: A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime sy A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

CVE-2022-22516 [HIGH] CWE-732 CVE-2022-22516: The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system use The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

CVE-2022-22519 [HIGH] CWE-126 CVE-2022-22519: A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buff A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

CVE-2022-22514 [HIGH] CWE-822 CVE-2022-22514: An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

CVE-2022-22517 [HIGH] CWE-334 CVE-2022-22517: An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS prod An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

CVE-2022-22513 [MEDIUM] CWE-476 CVE-2022-22513: An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component o An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

CVE-2021-21863 [HIGH] CWE-502 CVE-2021-21863: A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21865 [HIGH] CWE-502 CVE-2021-21865: A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21866 [HIGH] CWE-502 CVE-2021-21866: A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.Profile A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21864 [HIGH] CWE-502 CVE-2021-21864: A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureS A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-29240 [HIGH] CVE-2021-29240: The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of p The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

CVE-2021-29241 [HIGH] CWE-476 CVE-2021-29241: CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of ser CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

CVE-2021-29239 [HIGH] CWE-345 CVE-2021-29239: CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embed CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

CVE-2020-12068 [MEDIUM] CVE-2020-12068: An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS R An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

CVE-2019-9010 [CRITICAL] CVE-2019-9010: An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly veri An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBo