Codesys: >> Simulation Runtime >> 3.5.12.10 Security Vulnerabilities
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-03-23
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
CVSS Score
7.3
EPSS Score
0.006
Published
2021-05-03
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-07-22
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-24
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-17
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
CVSS Score
8.8
EPSS Score
0.01
Published
2019-09-17