Codesys

Development System

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.07%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

  • EPSS 0.25%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

  • EPSS 1.27%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

  • EPSS 1.4%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

  • EPSS 1.22%
  • Veröffentlicht 05.08.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provi...

Exploit
  • EPSS 1.67%
  • Veröffentlicht 02.08.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An ...

  • EPSS 1.3%
  • Veröffentlicht 02.08.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can ...

Exploit
  • EPSS 1.73%
  • Veröffentlicht 02.08.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. ...

Exploit
  • EPSS 0.94%
  • Veröffentlicht 04.05.2021 12:15:16
  • Zuletzt bearbeitet 21.11.2024 06:00:51

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

  • EPSS 1.42%
  • Veröffentlicht 03.05.2021 14:15:07
  • Zuletzt bearbeitet 29.05.2026 15:16:20

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).