Codesys

Control For Iot2000 Sl

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-47380

  • EPSS 2.3%
  • Veröffentlicht 15.05.2023 10:15:09
  • Zuletzt bearbeitet 17.07.2025 12:46:06

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote co...

8.8

CVE-2022-47379

  • EPSS 2.73%
  • Veröffentlicht 15.05.2023 10:15:09
  • Zuletzt bearbeitet 17.07.2025 12:38:27

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

6.5

CVE-2022-47378

  • EPSS 0.41%
  • Veröffentlicht 15.05.2023 10:15:09
  • Zuletzt bearbeitet 17.07.2025 12:38:13

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

4.3

CVE-2022-22508

  • EPSS 0.14%
  • Veröffentlicht 15.05.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:54

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

8.8

CVE-2022-4224

  • EPSS 0.8%
  • Veröffentlicht 23.03.2023 12:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:49

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

5

CVE-2022-30792

  • EPSS 0.39%
  • Veröffentlicht 11.07.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:23

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

5

CVE-2022-30791

  • EPSS 0.39%
  • Veröffentlicht 11.07.2022 11:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:23

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

7.5

CVE-2022-22519

  • EPSS 0.78%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

6.4

CVE-2022-22518

  • EPSS 0.16%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

7.5

CVE-2022-22517

  • EPSS 0.44%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.