CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29239
https://notcve.org/view.php?id=CVE-2021-29239
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. CODESYS Development System versiones 3 anteriores a 3.5.17.0, muestra o ejecuta documentos maliciosos o archivos insertados en bibliotecas sin comprobar primero su validez. • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download= https://www.codesys.com/security/security-reports.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29238
https://notcve.org/view.php?id=CVE-2021-29238
CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). CODESYS Automation Server versiones anteriores a 1.16.0, permite un ataque de tipo cross-site request forgery (CSRF). • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14638&token=30b75ee95d0d94527894dfd8cdc5432575a8eff8&download= https://www.codesys.com/security/security-reports.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29241
https://notcve.org/view.php?id=CVE-2021-29241
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). CODESYS Gateway versiones 3 anteriores a 3.5.16.70 tiene una derivación de puntero NULL que puede resultar en una denegación de servicio (DoS) • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download= https://www.codesys.com/security/security-reports.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2020-15806
https://notcve.org/view.php?id=CVE-2020-15806
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. El sistema del tiempo de ejecución de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignación de Memoria No Controlada • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= https://www.codesys.com https://www.tenable.com/security/research/tra-2020-46 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-12068
https://notcve.org/view.php?id=CVE-2020-12068
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. Se detectó un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= https://www.codesys.com •