Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Development_system
(Codesys)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-03 | CVE-2023-3663 | In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | Development_system | 8.8 | ||
| 2022-06-24 | CVE-2022-31805 | In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | Development_system, Edge_gateway, Gateway, Hmi_sl, Opc_server, Plchandler, Plcwinnt, Runtime_toolkit, Sp_realtime_nt, Web_server | 7.5 | ||
| 2023-03-23 | CVE-2022-4224 | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_win_sl, Development_system, Hmi_sl, Runtime_toolkit, Safety_sil2 | 8.8 | ||
| 2023-08-03 | CVE-2023-3662 | In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . | Development_system | 7.3 | ||
| 2023-08-03 | CVE-2023-37558 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559 | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Hmi, Safety_sil2 | 6.5 | ||
| 2023-08-03 | CVE-2023-37551 | In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Hmi, Safety_sil2 | 6.5 | ||
| 2023-08-03 | CVE-2023-37552 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Hmi, Safety_sil2 | 6.5 | ||
| 2023-08-03 | CVE-2023-37553 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Hmi, Safety_sil2 | 6.5 | ||
| 2023-08-03 | CVE-2023-37554 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556. | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Hmi, Safety_sil2 | 6.5 | ||
| 2023-08-03 | CVE-2023-37555 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556. | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Hmi, Safety_sil2 | 6.5 |