
CVE-2023-6357 – OS Command Injection in multiple CODESYS products
https://notcve.org/view.php?id=CVE-2023-6357
05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-4224 – CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
https://notcve.org/view.php?id=CVE-2022-4224
23 Mar 2023 — In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download= • CWE-1188: Initialization of a Resource with an Insecure Default

CVE-2022-32143 – CODESYS runtime system prone to directory access
https://notcve.org/view.php?id=CVE-2022-32143
24 Jun 2022 — In multiple CODESYS products, file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously successfully authenticated himself to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-552: Files or Directories Accessible to External Parties

CVE-2022-32142 – CODESYS runtime system prone to denial of service due to use of out of range pointer
https://notcve.org/view.php?id=CVE-2022-32142
24 Jun 2022 — Multiple CODESYS products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-823: Use of Out-of-range Pointer Offset

CVE-2022-32141 – CODESYS runtime system prone to denial of service due to buffer over read
https://notcve.org/view.php?id=CVE-2022-32141
24 Jun 2022 — Multiple CODESYS products are prone to a buffer over-read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-125: Out-of-bounds Read • CWE-126: Buffer Over-read

CVE-2022-32140 – CODESYS runtime system prone to denial of service due to buffer copy
https://notcve.org/view.php?id=CVE-2022-32140
24 Jun 2022 — Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-32139 – CODESYS runtime system prone to denial of service due to out of bounds read
https://notcve.org/view.php?id=CVE-2022-32139
24 Jun 2022 — In multiple CODESYS products, a low privileged remote attacker may craft a request which causes an out-of-bounds read, resulting in a denial-of-service condition. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-125: Out-of-bounds Read

CVE-2022-32138 – CODESYS runtime system prone to denial of service due to Unexpected Sign Extension
https://notcve.org/view.php?id=CVE-2022-32138
24 Jun 2022 — In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-194: Unexpected Sign Extension

CVE-2022-32137 – CODESYS Runtime System prone to heap based buffer overflow
https://notcve.org/view.php?id=CVE-2022-32137
24 Jun 2022 — In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-122: Heap-based Buffer Overflow

CVE-2022-32136 – CODESYS runtime systems: Access of uninitialised pointer leads to denial of service
https://notcve.org/view.php?id=CVE-2022-32136
24 Jun 2022 — In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-824: Access of Uninitialized Pointer