Codesys

Codesys

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2021-34595

  • EPSS 0.47%
  • Veröffentlicht 26.10.2021 10:15:08
  • Zuletzt bearbeitet 15.08.2025 20:25:40

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

6.5

CVE-2021-34596

  • EPSS 0.24%
  • Veröffentlicht 26.10.2021 10:15:08
  • Zuletzt bearbeitet 15.08.2025 20:24:15

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

7.5

CVE-2021-34583

Exploit
  • EPSS 3.82%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:48

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

9.1

CVE-2021-34584

Exploit
  • EPSS 0.61%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:40

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

5

CVE-2021-34585

Exploit
  • EPSS 0.47%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:31

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of se...

7.5

CVE-2021-34586

Exploit
  • EPSS 3.29%
  • Veröffentlicht 26.10.2021 10:15:07
  • Zuletzt bearbeitet 15.08.2025 20:26:04

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

7.8

CVE-2021-21869

Exploit
  • EPSS 0.14%
  • Veröffentlicht 25.08.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:08

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attack...

7.8

CVE-2021-21867

Exploit
  • EPSS 0.16%
  • Veröffentlicht 18.08.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An ...

7.8

CVE-2021-21868

Exploit
  • EPSS 0.16%
  • Veröffentlicht 18.08.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:08

An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An att...

7.5

CVE-2019-5105

Exploit
  • EPSS 0.34%
  • Veröffentlicht 26.03.2020 15:15:24
  • Zuletzt bearbeitet 21.11.2024 04:44:21

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and terminatio...