Codesys Plcwinnt

17 CVEs affecting Codesys Plcwinnt. Latest disclosed: 2022-06-24. Critical: 1, High: 10.

Top CVEs affecting Codesys Plcwinnt
CVESeverityScorePublishedSummary
CVE-2022-31806Critical9.82022-06-24In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or promp…
CVE-2022-32143High8.82022-06-24In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All re…
CVE-2022-32138High8.82022-06-24In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or…
CVE-2022-32137High8.82022-06-24In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-serv…
CVE-2022-32142High8.12022-06-24Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which ca…
CVE-2022-1965High8.12022-06-24Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the e…
CVE-2021-34595High8.12021-10-26A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions…
CVE-2022-31805High7.52022-06-24In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CVE-2021-34593High7.52021-10-26In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-ser…
CVE-2021-30195High7.52021-05-25CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
CVE-2021-30186High7.52021-05-25CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVE-2022-32141Medium6.52022-06-24Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an inte…
CVE-2022-32140Medium6.52022-06-24Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checkin…
CVE-2022-32139Medium6.52022-06-24In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service conditi…
CVE-2022-32136Medium6.52022-06-24In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-…
CVE-2021-34596Medium6.52021-10-26A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resul…
CVE-2019-19789Medium6.52019-12-203S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL poin…