CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31805 – Insecure transmission of credentials
https://notcve.org/view.php?id=CVE-2022-31805
24 Jun 2022 — In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= • CWE-523: Unprotected Transport of Credentials •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30194
https://notcve.org/view.php?id=CVE-2021-30194
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Lectura Fuera de Límites • https://customers.codesys.com/index.php • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30193
https://notcve.org/view.php?id=CVE-2021-30193
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Escritura Fuera de Límites • https://customers.codesys.com/index.php • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30192
https://notcve.org/view.php?id=CVE-2021-30192
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Comprobación de Seguridad Implementada Inapropiadamente • https://customers.codesys.com/index.php •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30191
https://notcve.org/view.php?id=CVE-2021-30191
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Copia del Búfer sin Comprobar el Tamaño de la Entrada • https://customers.codesys.com/index.php • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30190
https://notcve.org/view.php?id=CVE-2021-30190
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta un Control de Acceso Inapropiado • https://customers.codesys.com/index.php • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30189
https://notcve.org/view.php?id=CVE-2021-30189
25 May 2021 — CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta un Desbordamiento del Búfer en la región Stack de la memoria • https://customers.codesys.com/index.php • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6025
https://notcve.org/view.php?id=CVE-2017-6025
19 May 2017 — A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the applicatio... • http://www.securityfocus.com/bid/97174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-6027
https://notcve.org/view.php?id=CVE-2017-6027
19 May 2017 — An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivo... • http://www.securityfocus.com/bid/97174 • CWE-434: Unrestricted Upload of File with Dangerous Type •