CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-6357 – OS Command Injection in multiple CODESYS products
https://notcve.org/view.php?id=CVE-2023-6357
05 Dec 2023 — A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. Un atacante remoto con pocos privilegios podría aprovechar la vulnerabilidad e inyectar comandos adicionales del sistema a través de librerías del sistema de archivos que podrían darle al atacante el control total del dispositivo. • https://cert.vde.com/en/advisories/VDE-2023-066 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-4224 – CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
https://notcve.org/view.php?id=CVE-2022-4224
23 Mar 2023 — In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download= • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33486
https://notcve.org/view.php?id=CVE-2021-33486
03 Aug 2021 — All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. Todas las versiones de CODESYS V3 Runtime Toolkit para VxWorks a partir de la versión V3.5.8.0 y versiones anteriores V3.5.17.10, presentan un Manejo Inapropiado de Condiciones Excepcionales • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14806&token=637e12e86301b83beac1653bd88da3aa5aa3f51b&download= • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-9013
https://notcve.org/view.php?id=CVE-2019-9013
15 Aug 2019 — An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESY... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •