Codesys

Development System

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-37555

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...

6.5

CVE-2023-37556

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...

6.5

CVE-2023-37557

  • EPSS 0.05%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condi...

6.5

CVE-2023-37558

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, pot...

6.5

CVE-2023-37559

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 08:11:56

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, pot...

6.5

CVE-2023-37548

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

6.5

CVE-2023-37547

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

6.5

CVE-2023-37546

  • EPSS 0.08%
  • Veröffentlicht 03.08.2023 12:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:54

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...

8.8

CVE-2023-3663

  • EPSS 0.49%
  • Veröffentlicht 03.08.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:17:47

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

7.3

CVE-2023-3662

  • EPSS 0.02%
  • Veröffentlicht 03.08.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 08:17:47

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .