CVSS: 9.0EPSS: 1%CPEs: 17EXPL: 0CVE-2022-47382 – CODESYS: Multiple products prone to stack based out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-47382
15 May 2023 — An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a den... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 1%CPEs: 17EXPL: 0CVE-2022-47381 – CODESYS: Multiple products prone to stack based out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-47381
15 May 2023 — An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote co... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 1%CPEs: 17EXPL: 0CVE-2022-47380 – CODESYS: Multiple products prone to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-47380
15 May 2023 — An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote co... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 2%CPEs: 17EXPL: 0CVE-2022-47379 – CODESYS: Multiple products prone to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-47379
15 May 2023 — An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-47378 – CODESYS: Multiple products prone to Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-47378
15 May 2023 — Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2018-25048 – Codesys Runtime Improper Limitation of a Pathname
https://notcve.org/view.php?id=CVE-2018-25048
23 Mar 2023 — The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. • https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2018-20026
https://notcve.org/view.php?id=CVE-2018-20026
19 Feb 2019 — Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. Existe el filtrado de direcciones de comunicación incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2018-10612
https://notcve.org/view.php?id=CVE-2018-10612
29 Jan 2019 — In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. En los productos CODESYS Control V3, de 3S-Smart Software Solutions GmbH, en versiones anteriores a la 3.5.14.0, la gestión de accesos de usuarios y el cifrado de las comunicaciones no está habilitado por defecto, lo que podría permitir... • http://www.securityfocus.com/bid/106248 • CWE-284: Improper Access Control CWE-311: Missing Encryption of Sensitive Data CWE-732: Incorrect Permission Assignment for Critical Resource •