CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31805 – Insecure transmission of credentials
https://notcve.org/view.php?id=CVE-2022-31805
24 Jun 2022 — In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= • CWE-523: Unprotected Transport of Credentials •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1965 – CODESYS runtime system prone to file deletion due to improper error handling
https://notcve.org/view.php?id=CVE-2022-1965
24 Jun 2022 — Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. diversos productos de CODESYS implementan un manejo de errores inapropiado. Un atacante remoto poco privilegiado puede diseñar una petición, que no es procesada apropiadamente por el manejo de errores. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34596 – CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service
https://notcve.org/view.php?id=CVE-2021-34596
26 Oct 2021 — A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. Una petición diseñada puede causar un acceso de lectura a un puntero no inicializado en CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, resultando en una condición de denegación de servicio • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download= • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34595 – CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service
https://notcve.org/view.php?id=CVE-2021-34595
26 Oct 2021 — A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. Una petición diseñada con valores no válidos puede causar un acceso de lectura o escritura fuera de límites en CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, resultando en una condición de denegación de servicio o una escritura excesi... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2021-34593 – CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service
https://notcve.org/view.php?id=CVE-2021-34593
26 Oct 2021 — In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. En CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, las peticiones no válidas diseñadas sin autenticación pueden resultar en varias condiciones de denegación de servicio.... • https://packetstorm.news/files/id/165874 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2021-30195
https://notcve.org/view.php?id=CVE-2021-30195
25 May 2021 — CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. CODESYS V2 runtime system versiones anteriores a 2.4.7.55, presenta una Comprobación Inapropiada de la Entrada • https://customers.codesys.com/index.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2021-30186
https://notcve.org/view.php?id=CVE-2021-30186
25 May 2021 — CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta un Desbordamiento del Búfer en la región Heap de la memoria • https://customers.codesys.com/index.php • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19789
https://notcve.org/view.php?id=CVE-2019-19789
20 Dec 2019 — 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. 3S-Smart CODESYS SP Realtime NT versiones anteriores a V2.3.7.28, CODESYS Runtime Toolkit de 32 bits completo versiones anteriores a V2.4.7.54 y CODESYS PLCWinNT versiones anteriores a V2.4.7.54, permiten una desreferencia del puntero NULL. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12946&token=edd5d8e821edaf3189d36bb1cac1aa1bfc42351f&download= • CWE-476: NULL Pointer Dereference •