CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37545 – CODESYS: Improper Input Validation in CmpApp component
https://notcve.org/view.php?id=CVE-2023-37545
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47391 – CODESYS: Multiple products prone to Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-47391
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download= • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2022-22508 – CODESYS V3: Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-22508
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17351&token=a7c02b2825fea2bcaf80c1a8e62097d72ec90f1a&download= • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-4224 – CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
https://notcve.org/view.php?id=CVE-2022-4224
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download= • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30792 – CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
https://notcve.org/view.php?id=CVE-2022-30792
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. En CmpChannelServer de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicación. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •