Codesys: Security Vulnerabilities
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
CVSS Score
9.1
EPSS Score
0.012
Published
2021-05-25
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVSS Score
7.5
EPSS Score
0.072
Published
2021-05-25
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-05-25
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
CVSS Score
7.8
EPSS Score
0.009
Published
2021-05-04
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.005
Published
2021-05-03
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-05-03
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVSS Score
7.5
EPSS Score
0.014
Published
2021-05-03
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVSS Score
7.3
EPSS Score
0.011
Published
2021-05-03
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
CVSS Score
7.5
EPSS Score
0.02
Published
2020-07-22