Codesys

Control For Empc-a/imx6 Sl

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-37551

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast ...

6.5

CVE-2023-37549

  • EPSS 0.24%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

6.5

CVE-2023-37548

  • EPSS 0.24%
  • Veröffentlicht 03.08.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

6.5

CVE-2023-37547

  • EPSS 0.24%
  • Veröffentlicht 03.08.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

6.5

CVE-2023-37546

  • EPSS 0.24%
  • Veröffentlicht 03.08.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

6.5

CVE-2023-37545

  • EPSS 0.09%
  • Veröffentlicht 03.08.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

4.3

CVE-2022-22508

  • EPSS 0.14%
  • Veröffentlicht 15.05.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:54

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

8.8

CVE-2022-4224

  • EPSS 1.13%
  • Veröffentlicht 23.03.2023 12:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:49

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

7.5

CVE-2022-22517

  • EPSS 0.44%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

6.5

CVE-2022-22513

  • EPSS 0.25%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:55

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.