Codesys

Control For Empc-a/imx6 Sl

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2022-22514

  • EPSS 0.38%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally...

4.9

CVE-2022-22515

  • EPSS 0.17%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

6.4

CVE-2022-22518

  • EPSS 0.16%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

7.5

CVE-2022-22519

  • EPSS 0.78%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

7.5

CVE-2021-29242

  • EPSS 0.32%
  • Veröffentlicht 03.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:00:52

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

7.5

CVE-2021-29241

  • EPSS 0.41%
  • Veröffentlicht 03.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:00:51

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

7.8

CVE-2019-9012

  • EPSS 0.15%
  • Veröffentlicht 15.08.2019 18:15:23
  • Zuletzt bearbeitet 21.11.2024 04:50:48

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS...

9.8

CVE-2019-9010

  • EPSS 0.32%
  • Veröffentlicht 15.08.2019 18:15:23
  • Zuletzt bearbeitet 21.11.2024 04:50:48

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the Cm...

8.8

CVE-2019-9013

  • EPSS 0.44%
  • Veröffentlicht 15.08.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:50:48

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all...

7.5

CVE-2018-20026

  • EPSS 0.92%
  • Veröffentlicht 19.02.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:47

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.