Codesys Control_rte_sl
30 CVEs affecting Codesys Control_rte_sl. Latest disclosed: 2025-12-01. Critical: 1, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-10612 | Critical | 9.8 | 2019-01-29 | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled b… |
| CVE-2022-4046 | High | 8.8 | 2023-08-03 | In CODESYS Control in multiple versions an improper restriction of operations within the bounds of a memory buffer allows a remote attacker with user privileges… |
| CVE-2022-4224 | High | 8.8 | 2023-03-23 | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS re… |
| CVE-2019-9013 | High | 8.8 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insuffic… |
| CVE-2022-22515 | High | 8.1 | 2022-04-07 | A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify t… |
| CVE-2022-22516 | High | 7.8 | 2022-04-07 | The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. |
| CVE-2025-41738 | High | 7.5 | 2025-12-01 | An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type… |
| CVE-2022-30792 | High | 7.5 | 2022-07-11 | In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel… |
| CVE-2022-30791 | High | 7.5 | 2022-07-11 | In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing… |
| CVE-2022-22519 | High | 7.5 | 2022-04-07 | A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the C… |
| CVE-2022-22517 | High | 7.5 | 2022-04-07 | An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets… |
| CVE-2018-20026 | High | 7.5 | 2019-02-19 | Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. |
| CVE-2018-20025 | High | 7.5 | 2019-02-19 | Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. |
| CVE-2022-22514 | High | 7.1 | 2022-04-07 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of… |
| CVE-2023-37559 | Medium | 6.5 | 2023-08-03 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent… |
| CVE-2023-37558 | Medium | 6.5 | 2023-08-03 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent… |
| CVE-2023-37557 | Medium | 6.5 | 2023-08-03 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAp… |
| CVE-2023-37556 | Medium | 6.5 | 2023-08-03 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent… |
| CVE-2023-37555 | Medium | 6.5 | 2023-08-03 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent… |
| CVE-2023-37554 | Medium | 6.5 | 2023-08-03 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent… |