CVE-2021-30190
https://notcve.org/view.php?id=CVE-2021-30190
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta un Control de Acceso Inapropiado • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14726&token=553da5d11234bbe1ceed59969d419a71bb8c8747&download= • CWE-306: Missing Authentication for Critical Function •
CVE-2021-30189
https://notcve.org/view.php?id=CVE-2021-30189
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta un Desbordamiento del Búfer en la región Stack de la memoria • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14726&token=553da5d11234bbe1ceed59969d419a71bb8c8747&download= • CWE-787: Out-of-bounds Write •
CVE-2021-30187
https://notcve.org/view.php?id=CVE-2021-30187
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta una Neutralización Inapropiada de Elementos Especiales utilizados en un Comando del Sistema Operativo • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14727&token=25159b0fc4355f4c6bc2e074a519a9d0cdb23fbb&download= • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-29240
https://notcve.org/view.php?id=CVE-2021-29240
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. El Administrador de Paquetes de CODESYS Development System 3 versiones anteriores a 3.5.17.0, no comprueba la validez de los paquetes antes de la instalación y puede ser usado para instalar paquetes CODESYS con contenido malicioso • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14636&token=1ce7e6e4cbe4651989ede418450d7c82e972bdf2&download= https://www.codesys.com/security/security-reports.html •
CVE-2021-29242
https://notcve.org/view.php?id=CVE-2021-29242
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, agregar, eliminar o cambiar paquetes de comunicación de bajo nivel. • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= https://www.codesys.com/security/security-reports.html • CWE-20: Improper Input Validation •