Codesys: >> Control For Iot2000 >> 3.5.15.40 Security Vulnerabilities
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-26
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-07-22
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-05-14