Codesys: >> Hmi >> 3.5.13.0 Security Vulnerabilities
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-03
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-03
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-03
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-03
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-03
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-11
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-11
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-08-03
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-08-03
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVSS Score
7.3
EPSS Score
0.006
Published
2021-05-03