
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Mar 2025 — An unauthenticated remote attacker can gain limited information about the PLC network, but the user management of the PLCs prevents actual access to the PLCs. • https://cert.vde.com/en/advisories/VDE-2025-013 • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 6.6 • EPSS: 0% • CPEs: 15 • EXPL: 0

18 Mar 2025 — Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. • https://cert.vde.com/en/advisories/VDE-2025-015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2025 — An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy. • https://cert.vde.com/en/advisories/VDE-2025-022 • CWE-203: Observable Discrepancy

CVSS: 7.8 • EPSS: 0% • CPEs: 18 • EXPL: 0

25 Sep 2024 — An unauthenticated remote attacker can cause the CODESYS web server to access invalid memory, which results in a DoS. • https://cert.vde.com/en/advisories/VDE-2024-057 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 5.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Sep 2024 — An out-of-bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service. • https://certvde.com/en/advisories/VDE-2024-046 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

04 Jun 2024 — A local attacker with low privileges can read and modify any user's files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. • https://cert.vde.com/en/advisories/VDE-2024-027 • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.5 • EPSS: 0% • CPEs: 15 • EXPL: 0

04 Jun 2024 — An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. • https://cert.vde.com/en/advisories/VDE-2024-026 • CWE-131: Incorrect Calculation of Buffer Size

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2024 — An unauthenticated local attacker may trick a user into opening corrupted project files to crash the system due to a use-after-free vulnerability. • https://cert.vde.com/en/advisories/VDE-2024-024 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2024 — An unauthenticated local attacker may trick a user into opening corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. • https://cert.vde.com/en/advisories/VDE-2024-024 • CWE-787: Out-of-bounds Write

CVSS: 9.0 • EPSS: 0% • CPEs: 11 • EXPL: 0

05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries, which could give the attacker full control of the device. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')