Codesys Plcwinnt
17 CVEs affecting Codesys Plcwinnt. Latest disclosed: 2022-06-24. Critical: 1, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-31806 | Critical | 9.8 | 2022-06-24 | In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or promp… |
CVE-2022-32143 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All re… |
CVE-2022-32138 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or… |
CVE-2022-32137 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-serv… |
CVE-2022-32142 | High | 8.1 | 2022-06-24 | Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which ca… |
CVE-2022-1965 | High | 8.1 | 2022-06-24 | Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the e… |
CVE-2021-34595 | High | 8.1 | 2021-10-26 | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions… |
CVE-2022-31805 | High | 7.5 | 2022-06-24 | In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. |
CVE-2021-34593 | High | 7.5 | 2021-10-26 | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-ser… |
CVE-2021-30195 | High | 7.5 | 2021-05-25 | CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. |
CVE-2021-30186 | High | 7.5 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. |
CVE-2022-32141 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an inte… |
CVE-2022-32140 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checkin… |
CVE-2022-32139 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service conditi… |
CVE-2022-32136 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-… |
CVE-2021-34596 | Medium | 6.5 | 2021-10-26 | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resul… |
CVE-2019-19789 | Medium | 6.5 | 2019-12-20 | 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL poin… |