CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31802 – Partial string comparison in CODESYS gateway server
https://notcve.org/view.php?id=CVE-2022-31802
24 Jun 2022 — In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. En CODESYS Gateway Server versión V2 para versiones anteriores a V2.3.9.38, sólo es comparada una parte de la contraseña especificada con la contraseña real de CODESYS Gateway. Un atacante puede llevar a... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= • CWE-187: Partial String Comparison •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22517 – Communication Components in multiple CODESYS products vulnerable to communication channel disruption
https://notcve.org/view.php?id=CVE-2022-22517
07 Apr 2022 — An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. Un atacante remoto no autenticado puede interrumpir los canales de comunicación presentes entre los productos CODESYS al adivinar un ID de canal válido e inyectando paquetes. Esto hace que el canal de comunicación sea cerrado • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download= • CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22514 – Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22514
07 Apr 2022 — An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Un atacante remoto autentificado puede obtener acceso a un puntero desreferenciado contenido en una solicitud. Los accesos pueden llevar posteriormente a la sobreescri... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22513 – Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22513
07 Apr 2022 — An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Un atacante remoto autenticado puede causar una desreferencia de puntero null en el componente CmpSettings de los productos CODESYS afectados, lo que conlleva a un bloqueo • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
07 Dec 2021 — An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podría permitir a un atacante con acceso a NSIP o SNI... • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-22955
https://notcve.org/view.php?id=CVE-2021-22955
07 Dec 2021 — A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de denegación de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) ... • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36764
https://notcve.org/view.php?id=CVE-2021-36764
04 Aug 2021 — In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. En CODESYS Gateway versiones V3 anteriores a 3.5.17.10, se presenta una Desreferencia de Puntero NULL. Unas peticiones de comunicación diseñadas pueden causar una desreferencia de puntero Null en los productos CODESYS afectados y pueden resultar en una condición de denegación de servi... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download= • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-29242
https://notcve.org/view.php?id=CVE-2021-29242
03 May 2021 — CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, ag... • https://customers.codesys.com/index.php • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29241
https://notcve.org/view.php?id=CVE-2021-29241
03 May 2021 — CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). CODESYS Gateway versiones 3 anteriores a 3.5.16.70 tiene una derivación de puntero NULL que puede resultar en una denegación de servicio (DoS) • https://customers.codesys.com/index.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 3CVE-2020-12713 – CipherMail Community Virtual Appliance 4.6.2 Code Execution
https://notcve.org/view.php?id=CVE-2020-12713
09 Jun 2020 — An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. Se detectó un problema en CipherMail Community Gateway y Professional/Enterprise Gateway versiones 1.0.1 hasta 4.7.1-0 y CipherMail Webmail Messenger versiones 1.1.1 hasta 3.1.1-0. Los atacantes con acceso a... • https://packetstorm.news/files/id/158001 • CWE-269: Improper Privilege Management •