threat
engine
.sh
Back
·
··:··
Home
/
Product
/
codesys hmi \(sl\)
Product
codesys hmi \(sl\)
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-41738
>= 3.5.18.0 and < 3.5.21.40
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource w
7.5
HIGH
CVE-2022-4046
all versions
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote
8.8
HIGH
CVE-2022-47393
< 3.5.19.0
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability
6.5
MEDIUM
CVE-2022-47392
< 3.5.19.0
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components
6.5
MEDIUM
CVE-2022-47391
< 3.5.19.0
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerabili
7.5
HIGH
CVE-2022-47390
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47389
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47388
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47387
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47386
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47385
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple
8.8
HIGH
CVE-2022-47384
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47383
< 3.5.19.0
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47382
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple
8.8
HIGH
CVE-2022-47381
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple
8.8
HIGH
CVE-2022-47380
< 3.5.19.0
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multipl
8.8
HIGH
CVE-2022-47379
< 3.5.19.0
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to
8.8
HIGH
CVE-2022-47378
< 3.5.19.0
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote att
6.5
MEDIUM
CVE-2022-22508
< 3.5.18.40
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecuti
4.3
MEDIUM
CVE-2022-4224
>= 3.0 and < 3.5.19.0
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and
8.8
HIGH
CVE-2022-31805
< 3.5.18.30
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between cl
7.5
HIGH
CVE-2022-22519
< 3.5.18.0
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a cr
7.5
HIGH
CVE-2022-22517
< 3.5.18.0
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid chann
7.5
HIGH
CVE-2022-22515
< 3.5.18.0
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability
8.1
HIGH
CVE-2022-22514
< 3.5.18.0
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently
7.1
HIGH
CVE-2022-22513
< 3.5.18.0
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS product
6.5
MEDIUM
CVE-2019-9013
>= 3.0 and < 3.5.16.0
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in us
8.8
HIGH
CVE-2018-20026
>= 3.0 and < 3.5.14.0
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
7.5
HIGH
CVE-2018-20025
>= 3.0 and < 3.5.14.0
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
7.5
HIGH
CVE-2018-10612
>= 3.0 and < 3.5.14.0
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communicatio
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin