Codesys Codesys V2
7 CVEs affecting Codesys Codesys V2. Latest disclosed: 2021-10-26. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-34584 | Critical | 9.1 | 2021-10-26 | Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2… |
CVE-2021-34595 | High | 8.1 | 2021-10-26 | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions… |
CVE-2021-34593 | High | 7.5 | 2021-10-26 | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-ser… |
CVE-2021-34586 | High | 7.5 | 2021-10-26 | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a… |
CVE-2021-34585 | High | 7.5 | 2021-10-26 | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all condit… |
CVE-2021-34583 | High | 7.5 | 2021-10-26 | Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2… |
CVE-2021-34596 | Medium | 6.5 | 2021-10-26 | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resul… |