Codesys Runtime Toolkit
12 CVEs affecting Codesys Runtime Toolkit. Latest disclosed: 2025-08-04. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-4224 | High | 8.8 | 2023-03-23 | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS re… |
| CVE-2022-32143 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All re… |
| CVE-2022-32138 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or… |
| CVE-2022-32137 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-serv… |
| CVE-2025-41659 | High | 8.3 | 2025-08-04 | A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allo… |
| CVE-2022-32142 | High | 8.1 | 2022-06-24 | Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which ca… |
| CVE-2022-1965 | High | 8.1 | 2022-06-24 | Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the e… |
| CVE-2022-32141 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an inte… |
| CVE-2022-32140 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checkin… |
| CVE-2022-32139 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which causes an out-of-bounds read, resulting in a denial-of-service conditi… |
| CVE-2022-32136 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-… |
| CVE-2025-41658 | Medium | 5.5 | 2025-08-04 | CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. |