CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30193
https://notcve.org/view.php?id=CVE-2021-30193
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Escritura Fuera de Límites • https://customers.codesys.com/index.php • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30192
https://notcve.org/view.php?id=CVE-2021-30192
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Comprobación de Seguridad Implementada Inapropiadamente • https://customers.codesys.com/index.php •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30191
https://notcve.org/view.php?id=CVE-2021-30191
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Copia del Búfer sin Comprobar el Tamaño de la Entrada • https://customers.codesys.com/index.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30190
https://notcve.org/view.php?id=CVE-2021-30190
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta un Control de Acceso Inapropiado • https://customers.codesys.com/index.php • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30189
https://notcve.org/view.php?id=CVE-2021-30189
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta un Desbordamiento del Búfer en la región Stack de la memoria • https://customers.codesys.com/index.php • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30187
https://notcve.org/view.php?id=CVE-2021-30187
25 May 2021 — CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta una Neutralización Inapropiada de Elementos Especiales utilizados en un Comando del Sistema Operativo • https://customers.codesys.com/index.php • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29240
https://notcve.org/view.php?id=CVE-2021-29240
04 May 2021 — The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. El Administrador de Paquetes de CODESYS Development System 3 versiones anteriores a 3.5.17.0, no comprueba la validez de los paquetes antes de la instalación y puede ser usado para instalar paquetes CODESYS con contenido malicioso • https://customers.codesys.com/index.php •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-29242
https://notcve.org/view.php?id=CVE-2021-29242
03 May 2021 — CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, ag... • https://customers.codesys.com/index.php • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29239
https://notcve.org/view.php?id=CVE-2021-29239
03 May 2021 — CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. CODESYS Development System versiones 3 anteriores a 3.5.17.0, muestra o ejecuta documentos maliciosos o archivos insertados en bibliotecas sin comprobar primero su validez. • https://customers.codesys.com/index.php • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29238
https://notcve.org/view.php?id=CVE-2021-29238
03 May 2021 — CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). CODESYS Automation Server versiones anteriores a 1.16.0, permite un ataque de tipo cross-site request forgery (CSRF). • https://customers.codesys.com/index.php • CWE-352: Cross-Site Request Forgery (CSRF) •