CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37549 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37549
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550 En múltiples productos de Codesys en múltiples versiones, después de una autenticación exitosa com... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37548 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37548
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550 In multiple Codesys products in multiple versions, after successful authentication as a user, spec... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37547 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37547
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37546 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37546
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37545 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37545
03 Aug 2023 — In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 In multiple Codesys products in multiple versions, after successful authentication as a user, specifi... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30792 – CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
https://notcve.org/view.php?id=CVE-2022-30792
11 Jul 2022 — In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. En CmpChannelServer de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicación. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30791 – CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
https://notcve.org/view.php?id=CVE-2022-30791
11 Jul 2022 — In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. En CmpBlkDrvTcp de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-36763
https://notcve.org/view.php?id=CVE-2021-36763
03 Aug 2021 — In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. En CODESYS V3 web server versiones anteriores a 3.5.17.10, los archivos o directorios son accesibles para las partes externas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download= • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2021-33485
https://notcve.org/view.php?id=CVE-2021-33485
03 Aug 2021 — CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. CODESYS Control Runtime system versiones anteriores a 3.5.17.10, presenta un Desbordamiento de Buffer en la región Heap de la memoria • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download= • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-29242
https://notcve.org/view.php?id=CVE-2021-29242
03 May 2021 — CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, ag... • https://customers.codesys.com/index.php • CWE-20: Improper Input Validation •