CVE-2025-41739
- EPSS 0.11%
- Veröffentlicht 01.12.2025 10:00:44
- Zuletzt bearbeitet 01.12.2025 15:39:33
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially caus...
CVE-2022-31805
- EPSS 0.28%
- Veröffentlicht 24.06.2022 08:15:07
- Zuletzt bearbeitet 21.11.2024 07:05:22
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CVE-2021-29242
- EPSS 0.44%
- Veröffentlicht 03.05.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:00:52
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVE-2018-20026
- EPSS 1.41%
- Veröffentlicht 19.02.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:47
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.