threat
engine
.sh
Back
·
··:··
Home
/
Product
/
codesys control runtime system toolkit
Product
codesys control runtime system toolkit
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-4046
all versions
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote
8.8
HIGH
CVE-2023-37559
< 3.5.19.20
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communicatio
6.5
MEDIUM
CVE-2023-37558
< 3.5.19.20
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communicatio
6.5
MEDIUM
CVE-2023-37557
< 3.5.19.20
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication
6.5
MEDIUM
CVE-2023-37556
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37555
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37554
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37553
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37552
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37551
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communicat
6.5
MEDIUM
CVE-2023-37550
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37549
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37548
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37547
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37546
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2023-37545
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5
MEDIUM
CVE-2022-47393
< 3.5.19.0
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability
6.5
MEDIUM
CVE-2022-47392
< 3.5.19.0
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components
6.5
MEDIUM
CVE-2022-47391
< 3.5.19.0
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerabili
7.5
HIGH
CVE-2022-47390
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47389
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47388
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47387
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47386
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47385
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple
8.8
HIGH
CVE-2022-47384
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47383
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47382
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47381
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple
8.8
HIGH
CVE-2022-47380
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multipl
8.8
HIGH
CVE-2022-47379
< 3.5.19.0
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to
8.8
HIGH
CVE-2022-47378
< 3.5.19.0
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote att
6.5
MEDIUM
CVE-2022-22508
< 3.5.18.40
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecuti
4.3
MEDIUM
CVE-2022-30792
< 3.5.18.20
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to bl
7.5
HIGH
CVE-2022-30791
< 3.5.18.20
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block
7.5
HIGH
CVE-2022-22519
< 3.5.18.0
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a cr
7.5
HIGH
CVE-2022-22518
>= 3.5.17.0 and < 3.5.18.0
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access t
6.5
MEDIUM
CVE-2022-22517
< 3.5.18.0
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid chann
7.5
HIGH
CVE-2022-22515
< 3.5.18.0
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability
8.1
HIGH
CVE-2022-22514
< 3.5.18.0
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently
7.1
HIGH
CVE-2022-22513
< 3.5.18.0
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS product
6.5
MEDIUM
CVE-2021-36763
< 3.5.17.10
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
7.5
HIGH
CVE-2021-33485
< 3.5.17.10
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
9.8
CRITICAL
CVE-2021-29242
>= 3.0 and < 3.5.17.0
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to
7.3
HIGH
CVE-2021-29241
>= 3.0 and < 3.5.16.70
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5
HIGH
CVE-2020-15806
>= 3.0 and < 3.5.16.10
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
7.5
HIGH
CVE-2020-12068
>= 3.0 and < 3.5.16.0
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptib
6.5
MEDIUM
CVE-2020-10245
>= 3.0 and < 3.5.15.40
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
9.8
CRITICAL
CVE-2020-7052
>= 3.0 and < 3.5.15.30
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote deni
6.5
MEDIUM
CVE-2019-18858
< 3.5.15.20
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
9.8
CRITICAL
CVE-2019-13548
>= 3.0 and < 3.5.12.80
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which
9.8
CRITICAL
CVE-2019-13532
>= 3.0 and < 3.5.12.80
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin