Codesys: >> Control Win Sl >> 3.5.16.0 Security Vulnerabilities
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-04-07
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
CVSS Score
7.5
EPSS Score
0.01
Published
2022-04-07
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
CVSS Score
7.5
EPSS Score
0.013
Published
2022-04-07
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-08-03
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-03
Page 3