Show filters
132 Total Results
Displaying 1-10 of 132
Sort by:
Attacker Value
Moderate
CVE-2020-10245
Disclosure Date: March 26, 2020 (last updated February 21, 2025)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
4
Attacker Value
Unknown
CVE-2024-8175
Disclosure Date: September 25, 2024 (last updated January 05, 2025)
An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
0
Attacker Value
Unknown
CVE-2024-6876
Disclosure Date: September 10, 2024 (last updated September 24, 2024)
Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.
0
Attacker Value
Unknown
CVE-2024-5000
Disclosure Date: June 04, 2024 (last updated June 04, 2024)
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
0
Attacker Value
Unknown
CVE-2023-5751
Disclosure Date: June 04, 2024 (last updated January 05, 2025)
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.
0
Attacker Value
Unknown
CVE-2023-49676
Disclosure Date: May 06, 2024 (last updated January 05, 2025)
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability.
0
Attacker Value
Unknown
CVE-2023-49675
Disclosure Date: May 06, 2024 (last updated January 05, 2025)
An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.
0
Attacker Value
Unknown
CVE-2023-6357
Disclosure Date: December 05, 2023 (last updated December 12, 2023)
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
0
Attacker Value
Unknown
CVE-2022-4046
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
0
Attacker Value
Unknown
CVE-2023-3669
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
0
