Shodan
Vulnerabilities
Vulnerable Software
Codesys:  >> Control Rte  Security Vulnerabilities
CVE-2018-25048
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-03-23
CVE-2021-33485
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-08-03
CVE-2021-36763
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-08-03
CVE-2021-29242
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVSS Score
7.3
EPSS Score
0.006
Published
2021-05-03
CVE-2020-15806
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-07-22
CVE-2020-12068
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-05-14
CVE-2020-10245
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-03-26
CVE-2020-7052
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-24
CVE-2019-18858
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-20
CVE-2019-13542
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-09-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved