RSS   Vulnerabilities for 'Gateway'   RSS

2022-06-24
 
CVE-2022-31802

CWE-187
 

 
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

 
 
CVE-2022-31803

CWE-400
 

 
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

 
 
CVE-2022-31804

CWE-789
 

 
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

 
2022-04-07
 
CVE-2022-22513

CWE-476
 

 
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

 
2021-08-04
 
CVE-2021-36764

CWE-476
 

 
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

 
2020-01-24
 
CVE-2020-7052

CWE-400
 

 
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.

 

 >>> Vendor: Codesys 46 Products
Web server
Control for beaglebone
Control for empc-a/imx6
Control for iot2000
Control for pfc100
Control for pfc200
Control for raspberry pi
Codesys
Control for empc-a\/imx6
Control for linux
Control for plcnext
Control rte
Control runtime system toolkit
Control win
Embedded target visu toolkit
HMI
Remote target visu toolkit
Plcwinnt
Runtime toolkit
Sp realtime nt
Gateway
Safety sil2
Simulation runtime
Runtime
Development system
Control for wago touch panels 600
Automation server
V2 web server
V2 runtime system sp
Ethernetip
Profinet
Control for beaglebone sl
Control for beckhoff cx9020
Control for empc-a\/imx6 sl
Control for iot2000 sl
Control for linux sl
Control for pfc100 sl
Control for pfc200 sl
Control for plcnext sl
Control for raspberry pi sl
Control for wago touch panels 600 sl
Control rte sl
Control rte sl \(for beckhoff cx\)
Control win sl
Edge gateway
Hmi sl


Copyright 2022, cxsecurity.com

 

Back to Top