Codesys Codesys Hmi (Sl)
47 CVEs affecting Codesys Codesys Hmi (Sl). Latest disclosed: 2026-05-26. Critical: 0, High: 28.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41660 | High | 8.8 | 2026-03-24 | A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution. |
CVE-2022-4046 | High | 8.8 | 2023-08-03 | In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges… |
CVE-2022-47390 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47389 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47388 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47387 | High | 8.8 | 2023-05-15 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47386 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47385 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple… |
CVE-2022-47384 | High | 8.8 | 2023-05-15 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47383 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47382 | High | 8.8 | 2023-05-15 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple… |
CVE-2022-47381 | High | 8.8 | 2023-05-15 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into t… |
CVE-2022-47380 | High | 8.8 | 2023-05-15 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into… |
CVE-2022-47379 | High | 8.8 | 2023-05-15 | An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which… |
CVE-2026-8046 | High | 8.1 | 2026-05-26 | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerabil… |
CVE-2022-22515 | High | 8.1 | 2022-04-07 | A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify t… |
CVE-2023-5751 | High | 7.8 | 2024-06-04 | A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of r… |
CVE-2026-8047 | High | 7.5 | 2026-05-26 | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated… |
CVE-2025-41738 | High | 7.5 | 2025-12-01 | An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type… |
CVE-2024-8175 | High | 7.5 | 2024-09-25 | An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. |