Codesys

Control Rte Sl

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.6

CVE-2025-0694

  • EPSS 0.06%
  • Veröffentlicht 18.03.2025 11:15:39
  • Zuletzt bearbeitet 18.03.2025 11:15:39

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.

7.5

CVE-2024-8175

  • EPSS 0.62%
  • Veröffentlicht 25.09.2024 08:15:04
  • Zuletzt bearbeitet 26.09.2024 13:32:02

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

8.8

CVE-2022-4046

  • EPSS 0.76%
  • Veröffentlicht 03.08.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:34:30

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.

6.5

CVE-2023-37559

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, pot...

6.5

CVE-2023-37558

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, pot...

6.5

CVE-2023-37557

  • EPSS 0.05%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condi...

6.5

CVE-2023-37556

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...

6.5

CVE-2023-37555

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...

6.5

CVE-2023-37554

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...

6.5

CVE-2023-37553

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...