Codesys

Development System

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-22513

  • EPSS 0.55%
  • Veröffentlicht 07.04.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:55

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

7.8

CVE-2021-21863

  • EPSS 0.08%
  • Veröffentlicht 05.08.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provi...

7.8

CVE-2021-21866

Exploit
  • EPSS 0.16%
  • Veröffentlicht 02.08.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An ...

7.8

CVE-2021-21865

  • EPSS 0.12%
  • Veröffentlicht 02.08.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can ...

7.8

CVE-2021-21864

Exploit
  • EPSS 0.16%
  • Veröffentlicht 02.08.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. ...

7.8

CVE-2021-29240

Exploit
  • EPSS 0.26%
  • Veröffentlicht 04.05.2021 12:15:16
  • Zuletzt bearbeitet 21.11.2024 06:00:51

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

7.5

CVE-2021-29241

  • EPSS 0.56%
  • Veröffentlicht 03.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:00:51

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

7.8

CVE-2021-29239

  • EPSS 0.07%
  • Veröffentlicht 03.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:00:51

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

6.5

CVE-2020-12068

  • EPSS 0.24%
  • Veröffentlicht 14.05.2020 21:15:13
  • Zuletzt bearbeitet 21.11.2024 04:59:12

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

7.8

CVE-2019-9012

  • EPSS 0.28%
  • Veröffentlicht 15.08.2019 18:15:23
  • Zuletzt bearbeitet 21.11.2024 04:50:48

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS...