CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-47379 – CODESYS: Multiple products prone to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-47379
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-47378 – CODESYS: Multiple products prone to Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-47378
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download= • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2022-22508 – CODESYS V3: Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-22508
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17351&token=a7c02b2825fea2bcaf80c1a8e62097d72ec90f1a&download= • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-4224 – CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
https://notcve.org/view.php?id=CVE-2022-4224
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download= • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2022-22519 – Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
https://notcve.org/view.php?id=CVE-2022-22519
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. Un atacante remoto y no autenticado puede enviar una solicitud HTTP o HTTPS con un diseño específico que provoque una sobrelectura del búfer y provoque un bloqueo del servidor web del sistema de ejecución de CODESYS Control • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17094&token=2fb188e2213c74194e81ba61ff99f1c68602ba4d&download= • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •