Page 2 of 131 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. Un atacante local no autenticado puede engañar a un usuario para que abra archivos de proyecto corruptos para ejecutar código arbitrario o bloquear el sistema debido a una vulnerabilidad de escritura fuera de los límites. • https://cert.vde.com/en/advisories/VDE-2024-024 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. Un atacante remoto con pocos privilegios podría aprovechar la vulnerabilidad e inyectar comandos adicionales del sistema a través de librerías del sistema de archivos que podrían darle al atacante el control total del dispositivo. • https://cert.vde.com/en/advisories/VDE-2023-066 https://https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. • https://cert.vde.com/en/advisories/VDE-2023-025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. • https://cert.vde.com/en/advisories/VDE-2023-023 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 Después de una autenticación exitosa como usuario en múltiples productos Codesys en múltiples versiones, solicitudes de comunicación de red específicas diseñadas con contenido inconsistente pueden hacer que el componente CmpAppForce lea internamente desde una dirección no válida, lo que podría conducir a una condición de denegación de servicio. Esta vulnerabilidad es diferente a CVE-2023-37558 • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •