CVSS: 8.7 • EPSS: 0% • CPEs: 16 • EXPL: 0

04 Aug 2025 — A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. • https://certvde.com/de/advisories/VDE-2025-051 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.5 • EPSS: 0% • CPEs: 12 • EXPL: 0

04 Aug 2025 — CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. • https://certvde.com/de/advisories/VDE-2025-049 • CWE-276: Incorrect Default Permissions

CVSS: 9.0 • EPSS: 0% • CPEs: 11 • EXPL: 0

05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries, which could give the attacker full control of the device. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

24 Jun 2022 — In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously successfully authenticated himself to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-552: Files or Directories Accessible to External Parties

CVSS: 8.1 • EPSS: 1% • CPEs: 2 • EXPL: 0

24 Jun 2022 — Multiple CODESYS products are prone to an out-of-bounds read or write access. A low-privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-823: Use of Out-of-range Pointer Offset

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jun 2022 — Multiple CODESYS products are prone to a buffer over-read. A low-privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-125: Out-of-bounds Read • CWE-126: Buffer Over-read

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jun 2022 — Multiple CODESYS products are affected by a buffer overflow. A low-privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jun 2022 — In multiple CODESYS products, a low-privileged remote attacker may craft a request which causes an out-of-bounds read, resulting in a denial-of-service condition. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-125: Out-of-bounds Read

CVSS: 8.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

24 Jun 2022 — In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-194: Unexpected Sign Extension

CVSS: 8.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

24 Jun 2022 — In multiple CODESYS products, a low-privileged remote attacker may craft a request which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-122: Heap-based Buffer Overflow