Codesys: >> Control For Linux Sl >> 3.5.16.0 Security Vulnerabilities
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
CVSS Score
7.5
EPSS Score
0.01
Published
2022-04-07
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
CVSS Score
7.5
EPSS Score
0.018
Published
2022-04-07
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
CVSS Score
7.5
EPSS Score
0.006
Published
2021-05-03
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVSS Score
7.3
EPSS Score
0.006
Published
2021-05-03
Page 5