CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0CVE-2025-0694 – CODESYS Control V3 removable media path traversal
https://notcve.org/view.php?id=CVE-2025-0694
18 Mar 2025 — Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. • https://cert.vde.com/en/advisories/VDE-2025-015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-8175 – CODESYS: web server vulnerable to DoS
https://notcve.org/view.php?id=CVE-2024-8175
25 Sep 2024 — An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Un atacante remoto no autenticado puede provocar que el servidor web CODESYS acceda a una memoria no válida, lo que resulta en un DoS. An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. • https://cert.vde.com/en/advisories/VDE-2024-057 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-5000 – CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
https://notcve.org/view.php?id=CVE-2024-5000
04 Jun 2024 — An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. Un atacante remoto no autenticado puede utilizar un cliente OPC UA malicioso para enviar una solicitud manipulada a los productos CODESYS afectados, lo que puede provocar un DoS debido a un cálculo incorrecto del tamaño del búfer. An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted req... • https://cert.vde.com/en/advisories/VDE-2024-026 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-6357 – OS Command Injection in multiple CODESYS products
https://notcve.org/view.php?id=CVE-2023-6357
05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. Un atacante remoto con pocos privilegios podría aprovechar la vulnerabilidad e inyectar comandos adicionales del sistema a través de librerías del sistema de archivos que podrían darle al atacante el control total del dispositivo. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 14EXPL: 0CVE-2022-4046 – CODESYS: Improper memory restrictions fro CODESYS Control
https://notcve.org/view.php?id=CVE-2022-4046
03 Aug 2023 — In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. • https://cert.vde.com/en/advisories/VDE-2023-025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37559 – CODESYS Improper Validation of Consistency within Input in multiple products
https://notcve.org/view.php?id=CVE-2023-37559
03 Aug 2023 — After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 Después de una autenticación exitosa como usuario en múltiples productos Codesys en múltiples versiones, solicitudes de comunicación de red específicas diseñadas... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37558 – CODESYS Improper Validation of Consistency within Input in multiple products
https://notcve.org/view.php?id=CVE-2023-37558
03 Aug 2023 — After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559 Después de una autenticación exitosa como usuario en múltiples productos Codesys en múltiples versiones, solicitudes de comunicación de red específicas diseñadas... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37557 – CODESYS Heap-based Buffer Overflow in multiple products
https://notcve.org/view.php?id=CVE-2023-37557
03 Aug 2023 — After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. Después de una autenticación exitosa como usuario en múltiples productos Codesys en múltiples versiones, solicitudes de comunicación remota diseñadas específicamente pueden hacer que el componente CmpAppBP sobrescriba un desbordamiento de búfer, lo que pue... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37556 – CODESYS Improper Input Validation in CmpAppBP
https://notcve.org/view.php?id=CVE-2023-37556
03 Aug 2023 — In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555. En varias versiones de varios productos Codesys, después de una autenticación exitosa como usuario, solicitudes... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-37555 – CODESYS Improper Input Validation in CmpAppBP
https://notcve.org/view.php?id=CVE-2023-37555
03 Aug 2023 — In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556. En múltiples versiones de múltiples productos de Codesys, después de una autenticación exitosa como usuario, la... • https://cert.vde.com/en/advisories/VDE-2023-019 • CWE-20: Improper Input Validation •