CVE-2022-22516 – CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in restricted memory space.
https://notcve.org/view.php?id=CVE-2022-22516
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. El controlador SysDrv3S del sistema de tiempo de ejecución de CODESYS Control en Microsoft Windows permite a cualquier usuario del sistema leer y escribir en un espacio de memoria restringido • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download= • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-22515 – A component of the CODESYS Control runtime system allows read and write access to configuration files
https://notcve.org/view.php?id=CVE-2022-22515
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. Un atacante remoto y autentificado podría utilizar el programa de control del sistema de tiempo de ejecución CODESYS Control para utilizar la vulnerabilidad con el fin de leer y modificar el/los archivo/s de configuración de los productos afectados • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download= • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-22514 – Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22514
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Un atacante remoto autentificado puede obtener acceso a un puntero desreferenciado contenido en una solicitud. Los accesos pueden llevar posteriormente a la sobreescritura local de la memoria en el CmpTraceMgr, por lo que el atacante no puede obtener los valores leídos internamente ni controlar los valores a escribir. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVE-2022-22513 – Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22513
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Un atacante remoto autenticado puede causar una desreferencia de puntero null en el componente CmpSettings de los productos CODESYS afectados, lo que conlleva a un bloqueo • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-476: NULL Pointer Dereference •
CVE-2021-36763
https://notcve.org/view.php?id=CVE-2021-36763
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. En CODESYS V3 web server versiones anteriores a 3.5.17.10, los archivos o directorios son accesibles para las partes externas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download= • CWE-552: Files or Directories Accessible to External Parties •