) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:codesys:control_win_sl:3.5.16.40:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-22515 |
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. Published: April 07, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 4.9 MEDIUM |
| CVE-2022-22514 |
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Published: April 07, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0: 4.9 MEDIUM |
| CVE-2022-22513 |
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Published: April 07, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 3.5 LOW |
| CVE-2021-36763 |
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. Published: August 03, 2021; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-33485 |
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. Published: August 03, 2021; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |