Codesys

Virtual Control Sl

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.45%
  • Veröffentlicht 26.05.2026 06:49:54
  • Zuletzt bearbeitet 26.05.2026 20:00:24

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on t...

  • EPSS 0.35%
  • Veröffentlicht 26.05.2026 06:45:21
  • Zuletzt bearbeitet 26.05.2026 20:00:24

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.

  • EPSS 0.35%
  • Veröffentlicht 24.03.2026 07:42:33
  • Zuletzt bearbeitet 24.03.2026 15:53:48

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.

Medienbericht
  • EPSS 0.43%
  • Veröffentlicht 24.03.2026 07:41:43
  • Zuletzt bearbeitet 24.03.2026 15:53:48

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

  • EPSS 0.34%
  • Veröffentlicht 01.12.2025 10:02:33
  • Zuletzt bearbeitet 23.02.2026 15:42:30

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.