CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37550 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37550
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549. En muchos productos Codesys en múltiples versiones, después de una autenticación exitosa como usu... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37549 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37549
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550 En múltiples productos de Codesys en múltiples versiones, después de una autenticación exitosa com... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37548 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37548
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550 In multiple Codesys products in multiple versions, after successful authentication as a user, spec... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37547 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37547
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37546 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37546
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37545 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37545
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 In multiple Codesys products in multiple versions, after successful authentication as a user, specifi... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30792 – CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
https://notcve.org/view.php?id=CVE-2022-30792
11 Jul 2022 — In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. En CmpChannelServer de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicación. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30791 – CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
https://notcve.org/view.php?id=CVE-2022-30791
11 Jul 2022 — In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. En CmpBlkDrvTcp de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31805 – Insecure transmission of credentials
https://notcve.org/view.php?id=CVE-2022-31805
24 Jun 2022 — In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= • CWE-523: Unprotected Transport of Credentials •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2022-22519 – Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
https://notcve.org/view.php?id=CVE-2022-22519
07 Apr 2022 — A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. Un atacante remoto y no autenticado puede enviar una solicitud HTTP o HTTPS con un diseño específico que provoque una sobrelectura del búfer y provoque un bloqueo del servidor web del sistema de ejecución de CODESYS Control • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17094&token=2fb188e2213c74194e81ba61ff99f1c68602ba4d&download= • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •