Codesys Gateway
18 CVEs affecting Codesys Gateway. Latest disclosed: 2022-07-11. Critical: 2, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-31802 | Critical | 9.8 | 2022-06-24 | In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the specified password is being compared to the real CODESYS Gateway password. A… |
| CVE-2019-9010 | Critical | 9.8 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants o… |
| CVE-2022-30792 | High | 7.5 | 2022-07-11 | In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel… |
| CVE-2022-30791 | High | 7.5 | 2022-07-11 | In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing… |
| CVE-2022-31805 | High | 7.5 | 2022-06-24 | In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. |
| CVE-2022-31804 | High | 7.5 | 2022-06-24 | The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amou… |
| CVE-2022-22517 | High | 7.5 | 2022-04-07 | An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets… |
| CVE-2021-36764 | High | 7.5 | 2021-08-04 | In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affecte… |
| CVE-2021-29241 | High | 7.5 | 2021-05-03 | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). |
| CVE-2019-9009 | High | 7.5 | 2019-09-17 | An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash. |
| CVE-2019-9012 | High | 7.5 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS prod… |
| CVE-2018-20026 | High | 7.5 | 2019-02-19 | Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. |
| CVE-2018-20025 | High | 7.5 | 2019-02-19 | Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0. |
| CVE-2021-29242 | High | 7.3 | 2021-05-03 | CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressin… |
| CVE-2022-22514 | High | 7.1 | 2022-04-07 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of… |
| CVE-2022-22513 | Medium | 6.5 | 2022-04-07 | An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. |
| CVE-2020-7052 | Medium | 6.5 | 2020-01-24 | CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. |
| CVE-2022-31803 | Medium | 5.3 | 2022-06-24 | In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP c… |