CVE-2018-25048 – Codesys Runtime Improper Limitation of a Pathname
https://notcve.org/view.php?id=CVE-2018-25048
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. • https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-15806
https://notcve.org/view.php?id=CVE-2020-15806
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. El sistema del tiempo de ejecución de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignación de Memoria No Controlada • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= https://www.codesys.com https://www.tenable.com/security/research/tra-2020-46 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-12068
https://notcve.org/view.php?id=CVE-2020-12068
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. Se detectó un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= https://www.codesys.com •
CVE-2020-10245
https://notcve.org/view.php?id=CVE-2020-10245
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. El servidor web CODESYS versiones V3 anteriores a 3.5.15.40, como es usado en los sistemas de tiempo de ejecución CODESYS Control, presenta un desbordamiento del búfer. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download= https://www.tenable.com/security/research/tra-2020-16 • CWE-787: Out-of-bounds Write •
CVE-2020-7052
https://notcve.org/view.php?id=CVE-2020-7052
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control versión V3, Gateway versión V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignación de memoria no controlada que puede resultar en una condición de denegación de servicio remota. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= https://www.tenable.com/security/research/tra-2020-04 • CWE-770: Allocation of Resources Without Limits or Throttling •