Vulnerabilities for 'Codesys'

2021-10-26
 
CVE-2021-34583

CWE-787
 

 
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

 
 
CVE-2021-34584

CWE-126
 

 
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

 
 
CVE-2021-34585

CWE-754
 

 
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

 
 
CVE-2021-34586

CWE-476
 

 
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a NULL pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

 
2021-08-25
 
CVE-2021-21869

CWE-502
 

 
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

 
2021-08-18
 
CVE-2021-21867

CWE-502
 

 
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

 
 
CVE-2021-21868

CWE-502
 

 
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

 
2020-03-26
 
CVE-2019-5105

CWE-119
 

 
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.

 
2019-09-17
 
CVE-2019-13538

CWE-79
 

 
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.

 

 >>> Vendor: Codesys 46 Products
Web server
Control for beaglebone
Control for empc-a/imx6
Control for iot2000
Control for pfc100
Control for pfc200
Control for raspberry pi
Codesys
Control for empc-a/imx6
Control for linux
Control for plcnext
Control rte
Control runtime system toolkit
Control win
Embedded target visu toolkit
HMI
Remote target visu toolkit
Plcwinnt
Runtime toolkit
Sp realtime nt
Gateway
Safety sil2
Simulation runtime
Runtime
Development system
Control for wago touch panels 600
Automation server
V2 web server
V2 runtime system sp
Ethernetip
Profinet
Control for beaglebone sl
Control for beckhoff cx9020
Control for empc-a/imx6 sl
Control for iot2000 sl
Control for linux sl
Control for pfc100 sl
Control for pfc200 sl
Control for plcnext sl
Control for raspberry pi sl
Control for wago touch panels 600 sl
Control rte sl
Control rte sl (for beckhoff cx)
Control win sl
Edge gateway
Hmi sl


Copyright 2022, cxsecurity.com

 
