Page 10 of 52 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. En CODESYS V3 web server versiones anteriores a 3.5.17.10, los archivos o directorios son accesibles para las partes externas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download= • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. CODESYS Control Runtime system versiones anteriores a 3.5.17.10, presenta un Desbordamiento de Buffer en la región Heap de la memoria • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download= • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, agregar, eliminar o cambiar paquetes de comunicación de bajo nivel. • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= https://www.codesys.com/security/security-reports.html • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3. Se detectó un problema en los productos 3S-Smart CODESYS V3. La aplicación puede utilizar cifrado no basado en TLS, lo que resulta en que las credenciales de usuario no estén suficientemente protegidas durante el transporte. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= https://www.us-cert.gov/ics/advisories/icsa-19-213-04 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. Existe el filtrado de direcciones de comunicación incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 •