CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31805 – Insecure transmission of credentials
https://notcve.org/view.php?id=CVE-2022-31805
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= • CWE-523: Unprotected Transport of Credentials •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22517 – Communication Components in multiple CODESYS products vulnerable to communication channel disruption
https://notcve.org/view.php?id=CVE-2022-22517
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. Un atacante remoto no autenticado puede interrumpir los canales de comunicación presentes entre los productos CODESYS al adivinar un ID de canal válido e inyectando paquetes. Esto hace que el canal de comunicación sea cerrado • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download= • CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22514 – Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22514
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Un atacante remoto autentificado puede obtener acceso a un puntero desreferenciado contenido en una solicitud. Los accesos pueden llevar posteriormente a la sobreescritura local de la memoria en el CmpTraceMgr, por lo que el atacante no puede obtener los valores leídos internamente ni controlar los valores a escribir. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22513 – Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22513
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Un atacante remoto autenticado puede causar una desreferencia de puntero null en el componente CmpSettings de los productos CODESYS afectados, lo que conlleva a un bloqueo • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podría permitir a un atacante con acceso a NSIP o SNIP con acceso a la interfaz de administración causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •