Codesys

Development System

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.11%
  • Veröffentlicht 26.05.2026 06:39:04
  • Zuletzt bearbeitet 28.05.2026 20:09:28

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to repla...

  • EPSS 0.12%
  • Veröffentlicht 26.05.2026 06:37:53
  • Zuletzt bearbeitet 28.05.2026 20:11:52

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege es...

  • EPSS 0.13%
  • Veröffentlicht 01.12.2025 10:02:47
  • Zuletzt bearbeitet 23.02.2026 15:35:10

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.

  • EPSS 0.18%
  • Veröffentlicht 06.05.2024 12:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability.

  • EPSS 0.2%
  • Veröffentlicht 06.05.2024 12:15:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.

  • EPSS 0.14%
  • Veröffentlicht 03.08.2023 12:15:11
  • Zuletzt bearbeitet 21.11.2024 08:17:47

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

  • EPSS 0.52%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...

  • EPSS 0.52%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

  • EPSS 0.52%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

  • EPSS 0.41%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:55

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast ...