Codesys: >> Control For Empc-A/imx6 >> 3.5.12.0 Security Vulnerabilities
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-09-17
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-17
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
CVSS Score
8.8
EPSS Score
0.01
Published
2019-09-17
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
CVSS Score
7.5
EPSS Score
0.014
Published
2019-09-13
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-09-13
Page 2