threat
engine
.sh
Back
·
··:··
Home
/
Product
/
codesys control for linux sl
Product
codesys control for linux sl
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-41738
>= 4.5.0.0 and < 4.19.0.0
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource w
7.5
HIGH
CVE-2023-6357
< 4.11.0.0
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries w
8.8
HIGH
CVE-2022-4046
all versions
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote
8.8
HIGH
CVE-2023-37559
< 4.10.0.0
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communicatio
6.5
MEDIUM
CVE-2023-37558
< 4.10.0.0
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communicatio
6.5
MEDIUM
CVE-2023-37557
< 4.10.0.0
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication
6.5
MEDIUM
CVE-2023-37556
< 4.10.0.0
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37555
< 4.10.0.0
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37554
< 4.10.0.0
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37553
< 4.10.0.0
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37552
< 4.10.0.0
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37551
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communicat
6.5
MEDIUM
CVE-2023-37550
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37549
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37548
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37547
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37546
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37545
< 4.10.0.0
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2022-47393
< 4.8.0.0
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability
6.5
MEDIUM
CVE-2022-47392
< 4.8.0.0
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components
6.5
MEDIUM
CVE-2022-47391
< 4.8.0.0
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerabili
7.5
HIGH
CVE-2022-47390
< 4.8.0.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47389
< 4.8.0.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47388
< 4.8.0.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47387
< 4.8.0.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47386
< 4.8.0.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47385
< 4.8.0.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple
8.8
HIGH
CVE-2022-47384
< 4.8.0.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47383
< 4.8.0.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47382
< 4.8.0.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47381
< 4.8.0.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple
8.8
HIGH
CVE-2022-47380
< 4.8.0.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multipl
8.8
HIGH
CVE-2022-47379
< 4.8.0.0
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to
8.8
HIGH
CVE-2022-47378
< 4.8.0.0
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote att
6.5
MEDIUM
CVE-2022-22508
< 4.7.0.0
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecuti
4.3
MEDIUM
CVE-2022-4224
>= 3.0 and < 4.8.0.0
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and
8.8
HIGH
CVE-2022-30792
< 4.5.0.0
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to bl
7.5
HIGH
CVE-2022-30791
< 4.5.0.0
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block
7.5
HIGH
CVE-2022-22519
< 4.5.0.0
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a cr
7.5
HIGH
CVE-2022-22518
>= 4.4.0.0 and < 4.5.0.0
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access t
6.5
MEDIUM
CVE-2022-22517
< 4.5.0.0
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid chann
7.5
HIGH
CVE-2022-22515
< 4.5.0.0
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability
8.1
HIGH
CVE-2022-22514
< 4.5.0.0
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently
7.1
HIGH
CVE-2022-22513
< 4.5.0.0
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS product
6.5
MEDIUM
CVE-2021-29242
>= 3.0 and < 4.1.0.0
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to
7.3
HIGH
CVE-2021-29241
>= 3.0 and < 4.0.1.0
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5
HIGH
CVE-2019-9012
>= 3.0 and < 3.5.14.20
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations
7.5
HIGH
CVE-2019-9010
>= 3.0 and < 3.5.14.20
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communic
9.8
CRITICAL
CVE-2019-9013
>= 3.0 and < 3.5.16.0
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in us
8.8
HIGH
CVE-2018-20026
>= 3.0 and < 3.5.14.0
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
7.5
HIGH
CVE-2018-20025
>= 3.0 and < 3.5.14.0
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
7.5
HIGH
CVE-2018-10612
>= 3.0 and < 3.5.14.0
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communicatio
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin