CVE-2022-1965
- EPSS 0.78%
- Veröffentlicht 24.06.2022 08:15:07
- Zuletzt bearbeitet 21.11.2024 06:41:51
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User in...
CVE-2021-34596
- EPSS 0.24%
- Veröffentlicht 26.10.2021 10:15:08
- Zuletzt bearbeitet 15.08.2025 20:24:15
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
CVE-2021-34595
- EPSS 0.47%
- Veröffentlicht 26.10.2021 10:15:08
- Zuletzt bearbeitet 15.08.2025 20:25:40
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
- EPSS 1.6%
- Veröffentlicht 26.10.2021 10:15:08
- Zuletzt bearbeitet 15.08.2025 20:25:58
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further comm...
CVE-2021-30195
- EPSS 0.42%
- Veröffentlicht 25.05.2021 13:15:17
- Zuletzt bearbeitet 15.08.2025 20:26:54
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVE-2021-30186
- EPSS 0.45%
- Veröffentlicht 25.05.2021 13:15:17
- Zuletzt bearbeitet 15.08.2025 20:20:41
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVE-2019-19789
- EPSS 0.46%
- Veröffentlicht 20.12.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:35:23
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.