CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18177
https://notcve.org/view.php?id=CVE-2019-18177
26 Dec 2022 — In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgación de información cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualización CTX276688. • https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38368
https://notcve.org/view.php?id=CVE-2022-38368
15 Aug 2022 — An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Se ha detectado un problema en Aviatrix Gateway versiones anteriores a 6.6.5712 y 6.7.x anteriores a 6.7.1376. Debido a que las funciones de la API de Gateway manejan inapropiadamente la autenticación, un usuario de VPN autenticado puede inyectar comandos arbitrarios. • https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30792 – CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
https://notcve.org/view.php?id=CVE-2022-30792
11 Jul 2022 — In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. En CmpChannelServer de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicación. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30791 – CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
https://notcve.org/view.php?id=CVE-2022-30791
11 Jul 2022 — In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. En CmpBlkDrvTcp de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31805 – Insecure transmission of credentials
https://notcve.org/view.php?id=CVE-2022-31805
24 Jun 2022 — In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= • CWE-523: Unprotected Transport of Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31804 – CODESYS Gateway server prone to denial of service attack due to excessive memory allocation
https://notcve.org/view.php?id=CVE-2022-31804
24 Jun 2022 — The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. El CODESYS Gateway Server versiónV2 no verifica que el tamaño de una petición esté dentro de los límites previstos. Un atacante no autenticado puede asignar una cantidad arbitraria de memoria, lo que puede conllevar a un bloqueo del Gateway debido a una condición... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31803 – CODESYS Gateway Server V2 prone to Denial of Service Attack
https://notcve.org/view.php?id=CVE-2022-31803
24 Jun 2022 — In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. En CODESYS Gateway Server versión V2, una comprobación insuficiente de la actividad de las conexiones de clientes TCP permite a un atacante no autenticado consumir to... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31802 – Partial string comparison in CODESYS gateway server
https://notcve.org/view.php?id=CVE-2022-31802
24 Jun 2022 — In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. En CODESYS Gateway Server versión V2 para versiones anteriores a V2.3.9.38, sólo es comparada una parte de la contraseña especificada con la contraseña real de CODESYS Gateway. Un atacante puede llevar a... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= • CWE-187: Partial String Comparison •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22517 – Communication Components in multiple CODESYS products vulnerable to communication channel disruption
https://notcve.org/view.php?id=CVE-2022-22517
07 Apr 2022 — An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. Un atacante remoto no autenticado puede interrumpir los canales de comunicación presentes entre los productos CODESYS al adivinar un ID de canal válido e inyectando paquetes. Esto hace que el canal de comunicación sea cerrado • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download= • CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22514 – Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
https://notcve.org/view.php?id=CVE-2022-22514
07 Apr 2022 — An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Un atacante remoto autentificado puede obtener acceso a un puntero desreferenciado contenido en una solicitud. Los accesos pueden llevar posteriormente a la sobreescri... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •