CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0CVE-2025-0694 – CODESYS Control V3 removable media path traversal
https://notcve.org/view.php?id=CVE-2025-0694
18 Mar 2025 — Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. • https://cert.vde.com/en/advisories/VDE-2025-015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-8175 – CODESYS: web server vulnerable to DoS
https://notcve.org/view.php?id=CVE-2024-8175
25 Sep 2024 — An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Un atacante remoto no autenticado puede provocar que el servidor web CODESYS acceda a una memoria no válida, lo que resulta en un DoS. An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. • https://cert.vde.com/en/advisories/VDE-2024-057 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5751 – CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
https://notcve.org/view.php?id=CVE-2023-5751
04 Jun 2024 — A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. Un atacante local con privilegios bajos puede leer y modificar los archivos de cualquier usuario y provocar un DoS en el directorio de trabajo de los productos afectados debido a la exposición del recurso a una esfera incorrecta. • https://cert.vde.com/en/advisories/VDE-2024-027 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-5000 – CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
https://notcve.org/view.php?id=CVE-2024-5000
04 Jun 2024 — An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. Un atacante remoto no autenticado puede utilizar un cliente OPC UA malicioso para enviar una solicitud manipulada a los productos CODESYS afectados, lo que puede provocar un DoS debido a un cálculo incorrecto del tamaño del búfer. An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted req... • https://cert.vde.com/en/advisories/VDE-2024-026 • CWE-131: Incorrect Calculation of Buffer Size •