Codesys Hmi_sl

13 CVEs affecting Codesys Hmi_sl. Latest disclosed: 2025-12-01. Critical: 1, High: 11.

Top CVEs affecting Codesys Hmi_sl
CVESeverityScorePublishedSummary
CVE-2018-10612Critical9.82019-01-29In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled b…
CVE-2022-4046High8.82023-08-03In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges…
CVE-2022-4224High8.82023-03-23In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS re…
CVE-2019-9013High8.82019-08-15An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insuffic…
CVE-2022-22515High8.12022-04-07A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify t…
CVE-2025-41738High7.52025-12-01An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type…
CVE-2022-31805High7.52022-06-24In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CVE-2022-22519High7.52022-04-07A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the C…
CVE-2022-22517High7.52022-04-07An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets…
CVE-2018-20026High7.52019-02-19Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2018-20025High7.52019-02-19Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2022-22514High7.12022-04-07An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of…
CVE-2022-22513Medium6.52022-04-07An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.