CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0CVE-2025-0694 – CODESYS Control V3 removable media path traversal
https://notcve.org/view.php?id=CVE-2025-0694
18 Mar 2025 — Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. • https://cert.vde.com/en/advisories/VDE-2025-015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-8175 – CODESYS: web server vulnerable to DoS
https://notcve.org/view.php?id=CVE-2024-8175
25 Sep 2024 — An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Un atacante remoto no autenticado puede provocar que el servidor web CODESYS acceda a una memoria no válida, lo que resulta en un DoS. An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. • https://cert.vde.com/en/advisories/VDE-2024-057 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-5000 – CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
https://notcve.org/view.php?id=CVE-2024-5000
04 Jun 2024 — An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. Un atacante remoto no autenticado puede utilizar un cliente OPC UA malicioso para enviar una solicitud manipulada a los productos CODESYS afectados, lo que puede provocar un DoS debido a un cálculo incorrecto del tamaño del búfer. An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted req... • https://cert.vde.com/en/advisories/VDE-2024-026 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-6357 – OS Command Injection in multiple CODESYS products
https://notcve.org/view.php?id=CVE-2023-6357
05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. Un atacante remoto con pocos privilegios podría aprovechar la vulnerabilidad e inyectar comandos adicionales del sistema a través de librerías del sistema de archivos que podrían darle al atacante el control total del dispositivo. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2021-29242
https://notcve.org/view.php?id=CVE-2021-29242
03 May 2021 — CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, ag... • https://customers.codesys.com/index.php • CWE-20: Improper Input Validation •