Codesys

Runtime Toolkit

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.62%
  • Veröffentlicht 25.09.2024 08:15:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

  • EPSS 0.57%
  • Veröffentlicht 04.06.2024 09:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

  • EPSS 0.96%
  • Veröffentlicht 05.12.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:41

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

  • EPSS 0.88%
  • Veröffentlicht 23.03.2023 12:15:12
  • Zuletzt bearbeitet 21.11.2024 07:34:49

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

  • EPSS 0.95%
  • Veröffentlicht 24.06.2022 08:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:49

Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not ...

  • EPSS 1.11%
  • Veröffentlicht 24.06.2022 08:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:50

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the con...

  • EPSS 0.98%
  • Veröffentlicht 24.06.2022 08:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:50

Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or ...

  • EPSS 0.97%
  • Veröffentlicht 24.06.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 07:05:49

Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is ...

  • EPSS 0.98%
  • Veröffentlicht 24.06.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 06:41:51

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User in...

  • EPSS 0.95%
  • Veröffentlicht 24.06.2022 08:15:07
  • Zuletzt bearbeitet 21.11.2024 07:05:22

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.