CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-29242
https://notcve.org/view.php?id=CVE-2021-29242
03 May 2021 — CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, ag... • https://customers.codesys.com/index.php • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29241
https://notcve.org/view.php?id=CVE-2021-29241
03 May 2021 — CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). CODESYS Gateway versiones 3 anteriores a 3.5.16.70 tiene una derivación de puntero NULL que puede resultar en una denegación de servicio (DoS) • https://customers.codesys.com/index.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-9012
https://notcve.org/view.php?id=CVE-2019-9012
15 Aug 2019 — An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-9010
https://notcve.org/view.php?id=CVE-2019-9010
15 Aug 2019 — An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODE... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-9013
https://notcve.org/view.php?id=CVE-2019-9013
15 Aug 2019 — An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESY... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-20025
https://notcve.org/view.php?id=CVE-2018-20025
19 Feb 2019 — Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. Existen valores aleatorios utilizados de manera insuficiente en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2018-20026
https://notcve.org/view.php?id=CVE-2018-20026
19 Feb 2019 — Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. Existe el filtrado de direcciones de comunicación incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2018-10612
https://notcve.org/view.php?id=CVE-2018-10612
29 Jan 2019 — In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. En los productos CODESYS Control V3, de 3S-Smart Software Solutions GmbH, en versiones anteriores a la 3.5.14.0, la gestión de accesos de usuarios y el cifrado de las comunicaciones no está habilitado por defecto, lo que podría permitir... • http://www.securityfocus.com/bid/106248 • CWE-284: Improper Access Control CWE-311: Missing Encryption of Sensitive Data CWE-732: Incorrect Permission Assignment for Critical Resource •