CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16265
https://notcve.org/view.php?id=CVE-2019-16265
25 Oct 2019 — CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. El servidor CODESYS V2.3 ENI hasta la versión V3.2.2.24, presenta un desbordamiento de búfer. • https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13538
https://notcve.org/view.php?id=CVE-2019-13538
17 Sep 2019 — 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. 3S-Smart Software Solutions GmbH CODESYS versión V3 Library Manager, todas las versiones anteriores a la 3.5.16.0,... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 81%CPEs: 1EXPL: 3CVE-2011-5007 – CoDeSys SCADA 2.3 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5007
25 Dec 2011 — Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. El desbordamiento de búfer en la región stack de la memoria en el componente CmpWebServer en 3S CoDeSys versión 3.4 SP4 Patch 2 y anteriores, como es usado en el PLC ABB AC500 y posiblemente en otros productos, permite a los atacantes remotos ejecutar código arbitrario ... • https://www.exploit-db.com/exploits/18187 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •