Codesys Runtime Toolkit

12 CVEs affecting Codesys Runtime Toolkit. Latest disclosed: 2025-08-04. Critical: 0, High: 7.

Top CVEs affecting Codesys Runtime Toolkit
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-4224 | High | 8.8 | 2023-03-23 | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS re… |
| CVE-2022-32143 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All re… |
| CVE-2022-32138 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or… |
| CVE-2022-32137 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-serv… |
| CVE-2025-41659 | High | 8.3 | 2025-08-04 | A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allo… |
| CVE-2022-32142 | High | 8.1 | 2022-06-24 | Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which ca… |
| CVE-2022-1965 | High | 8.1 | 2022-06-24 | Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the e… |
| CVE-2022-32141 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an inte… |
| CVE-2022-32140 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checkin… |
| CVE-2022-32139 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which causes an out-of-bounds read, resulting in a denial-of-service conditi… |
| CVE-2022-32136 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-… |
| CVE-2025-41658 | Medium | 5.5 | 2025-08-04 | CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. |