codesys runtime toolkit

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-41738
>= 3.5.18.0 and < 3.5.21.40
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource w
7.5 HIGH
CVE-2023-6357
< 3.5.19.50
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries w
8.8 HIGH
CVE-2022-4224
>= 3.0 and < 3.5.19.0
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and
8.8 HIGH
CVE-2022-32143
>= 2.0 and < 2.4.7.57
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firm
8.8 HIGH
CVE-2022-32142
>= 2.0 and < 2.4.7.57
Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request
8.1 HIGH
CVE-2022-32141
>= 2.0 and < 2.4.7.57
Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid of
6.5 MEDIUM
CVE-2022-32140
>= 2.0 and < 2.4.7.57
Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause
6.5 MEDIUM
CVE-2022-32139
>= 2.0 and < 2.4.7.57
In multiple CODESYS products, a low privileged remote attacker may craft a request, which causes an out-of-bounds read, resulting i
6.5 MEDIUM
CVE-2022-32138
>= 2.0 and < 2.4.7.57
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a d
8.8 HIGH
CVE-2022-32137
>= 2.0 and < 2.4.7.57
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow,
8.8 HIGH
CVE-2022-32136
>= 2.0 and < 2.4.7.57
In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized po
6.5 MEDIUM
CVE-2022-31806
< 2.4.7.57
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and the
9.8 CRITICAL
CVE-2022-31805
< 2.4.7.57
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between cl
7.5 HIGH
CVE-2022-1965
>= 2.0 and < 2.4.7.57
Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is no
8.1 HIGH
CVE-2021-34596
< 2.4.7.56
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior
6.5 MEDIUM
CVE-2021-34595
< 2.4.7.56
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full a
8.1 HIGH
CVE-2021-34593
< 2.4.7.56
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may re
7.5 HIGH
CVE-2021-33486
>= 3.5.8.0 and < 3.5.17.10
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handl
7.5 HIGH
CVE-2021-30195
< 2.4.7.55
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 HIGH
CVE-2021-30186
< 2.4.7.55
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 HIGH
CVE-2021-30187
< 2.4.7.55
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
5.3 MEDIUM
CVE-2019-19789
< 2.4.7.54
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT befor
6.5 MEDIUM
CVE-2019-9013
>= 3.0 and < 3.5.16.0
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in us
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin