CVE-2024-8175 – CODESYS: web server vulnerable to DoS
https://notcve.org/view.php?id=CVE-2024-8175
An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Un atacante remoto no autenticado puede provocar que el servidor web CODESYS acceda a una memoria no válida, lo que resulta en un DoS. • https://cert.vde.com/en/advisories/VDE-2024-057 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download= • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-6876 – Out-of-bounds read in OSCAT-Library
https://notcve.org/view.php?id=CVE-2024-6876
Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. • https://certvde.com/en/advisories/VDE-2024-046 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18601&token=27389a52e058d95ff70b17a2370fedf07e073034&download= • CWE-125: Out-of-bounds Read •
CVE-2023-5751 – CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
https://notcve.org/view.php?id=CVE-2023-5751
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. Un atacante local con privilegios bajos puede leer y modificar los archivos de cualquier usuario y provocar un DoS en el directorio de trabajo de los productos afectados debido a la exposición del recurso a una esfera incorrecta. • https://cert.vde.com/en/advisories/VDE-2024-027 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18354&token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924&download= • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2024-5000 – CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
https://notcve.org/view.php?id=CVE-2024-5000
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. Un atacante remoto no autenticado puede utilizar un cliente OPC UA malicioso para enviar una solicitud manipulada a los productos CODESYS afectados, lo que puede provocar un DoS debido a un cálculo incorrecto del tamaño del búfer. • https://cert.vde.com/en/advisories/VDE-2024-026 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download= • CWE-131: Incorrect Calculation of Buffer Size •
CVE-2023-49676 – CODESYS: Use after free vulnerability through corrupted project files
https://notcve.org/view.php?id=CVE-2023-49676
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability. Un atacante local no autenticado puede engañar a un usuario para que abra archivos de proyecto corruptos y bloquear el sistema debido a una vulnerabilidad de use after free. • https://cert.vde.com/en/advisories/VDE-2024-024 • CWE-416: Use After Free •