Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Development_system
(Codesys)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-03 | CVE-2021-29241 | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | Control_for_beaglebone_sl, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_raspberry_pi_sl, Control_runtime_system_toolkit, Development_system, Edge_gateway, Gateway | 7.5 | ||
| 2021-05-04 | CVE-2021-29240 | The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. | Development_system | 7.8 | ||
| 2021-08-02 | CVE-2021-21864 | A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | Development_system | 7.8 | ||
| 2021-08-02 | CVE-2021-21865 | A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | Development_system | 7.8 | ||
| 2021-08-02 | CVE-2021-21866 | A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | Development_system | 7.8 | ||
| 2021-08-05 | CVE-2021-21863 | A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | Development_system | 7.8 | ||
| 2022-04-07 | CVE-2022-22513 | An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | Control_for_beaglebone_sl, Control_for_beckhoff_cx9020, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Edge_gateway, Embedded_target_visu_toolkit, Gateway, Hmi_sl, Remote_target_visu_toolkit | 6.5 | ||
| 2022-04-07 | CVE-2022-22514 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | Control_for_beaglebone_sl, Control_for_beckhoff_cx9020, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Edge_gateway, Embedded_target_visu_toolkit, Gateway, Hmi_sl, Remote_target_visu_toolkit | 7.1 | ||
| 2022-04-07 | CVE-2022-22515 | A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | Control_for_beaglebone_sl, Control_for_beckhoff_cx9020, Control_for_empc\-A\/imx6_sl, Control_for_iot2000_sl, Control_for_linux_sl, Control_for_pfc100_sl, Control_for_pfc200_sl, Control_for_plcnext_sl, Control_for_raspberry_pi_sl, Control_for_wago_touch_panels_600_sl, Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_runtime_system_toolkit, Control_win_sl, Development_system, Embedded_target_visu_toolkit, Hmi_sl, Remote_target_visu_toolkit | N/A | ||
| 2022-04-07 | CVE-2022-22516 | The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | Control_rte_sl, Control_rte_sl_\(For_beckhoff_cx\), Control_win_sl, Development_system | 7.8 |