CODESYS Development System

41 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-3669
< 3.5.19.20
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attemp
3.3 LOW
CVE-2023-37559
< 3.5.19.20
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communicatio
6.5 MEDIUM
CVE-2023-37558
< 3.5.19.20
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communicatio
6.5 MEDIUM
CVE-2023-37557
< 3.5.19.20
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication
6.5 MEDIUM
CVE-2023-37556
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37555
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37554
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37553
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37552
< 3.5.19.20
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37551
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communicat
6.5 MEDIUM
CVE-2023-37550
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37549
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37548
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37547
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-37546
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-3663
>= 3.5.11.20 and < 3.5.19.20
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticate
8.8 HIGH
CVE-2023-3662
>= 3.5.17.0 and < 3.5.19.20
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from
7.3 HIGH
CVE-2023-37545
< 3.5.19.20
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communicati
6.5 MEDIUM
CVE-2023-3670
>= 3.5.9.0 and < 3.5.17.0
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would
7.3 HIGH
CVE-2022-4224
>= 3.0 and < 3.5.19.0
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and
8.8 HIGH
CVE-2022-30792
< 3.5.18.20
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to bl
7.5 HIGH
CVE-2022-30791
< 3.5.18.20
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block
7.5 HIGH
CVE-2022-31805
< 2.3.9.69
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between cl
7.5 HIGH
CVE-2022-22519
< 3.5.18.0
A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a cr
7.5 HIGH
CVE-2022-22517
>= 3.0 and < 3.5.18.0
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid chann
7.5 HIGH
CVE-2022-22516
< 3.5.18.0
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within res
7.8 HIGH
CVE-2022-22515
>= 3.0 and < 3.5.18.0
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability
8.1 HIGH
CVE-2022-22514
>= 3.0 and < 3.5.18.0
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently
7.1 HIGH
CVE-2022-22513
< 3.5.18.0
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS product
6.5 MEDIUM
CVE-2021-21863
all versions
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Devel
7.8 HIGH
CVE-2021-21866
all versions
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS
7.8 HIGH
CVE-2021-21865
all versions
An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS Gm
7.8 HIGH
CVE-2021-21864
all versions
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODES
7.8 HIGH
CVE-2021-29240
>= 3.0 and < 3.5.17.0
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation an
7.8 HIGH
CVE-2021-29241
>= 3.0 and < 3.5.16.70
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 HIGH
CVE-2021-29239
>= 3.0 and < 3.5.17.0
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first
7.8 HIGH
CVE-2020-12068
< 3.5.16.0
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptib
6.5 MEDIUM
CVE-2019-9012
>= 3.0 and < 3.5.14.20
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations
7.5 HIGH
CVE-2019-9010
>= 3.0 and < 3.5.14.20
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communic
9.8 CRITICAL
CVE-2019-9013
>= 3.0 and < 3.5.16.0
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in us
8.8 HIGH
CVE-2018-20025
>= 3.0 and < 3.5.14.0
Use of Insufficiently Random Values exists in CODESYS V3 product versions prior to V3.5.14.0.
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin