MidnightBSD

Advisories for codesys

CVE-2017-6025 HIGH

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
codesys web_server *
CVE-2017-6027 HIGH

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
codesys web_server *
CVE-2018-10612 HIGH

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,CWE-311,CWE-732,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_runtime_toolkit *
codesys control_rte_sl *
CVE-2018-20025 MEDIUM

Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_runtime_toolkit *
codesys control_rte_sl *
CVE-2018-20026 MEDIUM

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys targetvisu_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_runtime_toolkit *
codesys plchandler *
codesys control_rte_sl *
codesys opc_server *
CVE-2018-25048

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys runtime_plcwinnt *
codesys control_win *
codesys runtime_system_toolkit *
codesys control_for_pfc100 *
codesys control_v3_runtime_system_toolkit *
codesys control_for_pfc200 *
codesys runtime_system_toolkit 3.5.15.0
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys simulation_runtime *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
CVE-2019-13532 MEDIUM

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_pfc100 *
codesys control_for_pfc200 *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_linux *
CVE-2019-13538 MEDIUM

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
codesys codesys *
CVE-2019-13542 MEDIUM

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
codesys control_for_pfc200 *
codesys linux *
codesys control_win *
codesys runtime_system_toolkit *
codesys control_rte *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys control_for_empc-a/imx6 *
codesys control_for_iot2000 *
codesys control_for_pfc100 *
CVE-2019-13548 HIGH

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_pfc100 *
codesys control_for_pfc200 *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_linux *
CVE-2019-16265 HIGH

CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
codesys eni_server *
codesys codesys *
CVE-2019-18858 HIGH

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_pfc100 *
codesys control_for_pfc200 *
codesys control_for_plcnext *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_linux *
CVE-2019-19789 MEDIUM

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys sp_realtime_nt *
codesys plcwinnt *
CVE-2019-5105 MEDIUM

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
codesys codesys 3.5.13.2
CVE-2019-9008 MEDIUM

An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
codesys control_for_pfc200 *
codesys control_win *
codesys control_rte *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys simulation_runtime *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_pfc100 *
CVE-2019-9009 MEDIUM

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
codesys linux *
codesys control_win *
codesys safety_sil2 *
codesys runtime_system_toolkit *
codesys control_for_pfc100 *
codesys gateway *
codesys control_for_pfc200 *
codesys control_rte *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys simulation_runtime *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
CVE-2019-9010 HIGH

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_beaglebone_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_runtime_toolkit *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
CVE-2019-9012 HIGH

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_beaglebone_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_runtime_toolkit *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
CVE-2019-9013 MEDIUM

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys runtime_toolkit *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_rte_sl *
codesys raspberry_pi *
CVE-2020-10245 HIGH

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_pfc100 *
codesys control_for_pfc200 *
codesys control_for_plcnext *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_linux *
CVE-2020-12068 MEDIUM

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_pfc100 *
codesys development_system *
codesys control_for_pfc200 *
codesys control_for_plcnext *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Products Affected

Vendor Product Version
festo controller_cecc-d_firmware 2.3.8.1
wago 762-5206/8000-001_firmware *
wago 762-4201/8000-001_firmware *
wago 762-5203/8000-001_firmware *
wago 762-5205/8000-001_firmware *
wago 762-6202/8000-001_firmware *
wago 750-8207_firmware *
wago 762-4306/8000-002_firmware *
wago 762-4303/8000-002_firmware *
wago 762-5204/8000-001_firmware *
wago 762-6203/8000-001_firmware *
wago 750-8204_firmware *
codesys control_win_v3 *
wago 762-4304/8000-002_firmware *
wago 762-4205/8000-001_firmware *
wago 762-4305/8000-002_firmware *
codesys v3_simulation_runtime *
wago 750-8214_firmware *
festo controller_cecc-lk_firmware 2.3.8.0
wago 762-4202/8000-001_firmware *
wago 762-4205/8000-002_firmware *
codesys control_for_pfc100 *
codesys control_for_pfc200 *
festo controller_cecc-lk_firmware 2.3.8.1
wago 752-8303/8000-0002_firmware *
wago 750-8217_firmware -
wago 750-8102_firmware *
wago 750-8213_firmware *
wago 762-4203/8000-001_firmware *
wago 762-6301/8000-002_firmware *
wago 762-6303/8000-002_firmware *
wago 762-5305/8000-002_firmware *
wago 750-8100_firmware *
wago 750-8210_firmware *
wago 762-5306/8000-002_firmware *
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 762-4206/8000-001_firmware *
wago 762-4206/8000-002_firmware *
wago 762-4302/8000-002_firmware *
wago 762-5304/8000-002_firmware *
festo controller_cecc-d_firmware 2.3.8.0
wago 762-6204/8000-001_firmware *
wago 750-8206_firmware *
wago 762-4301/8000-002_firmware *
wago 762-6201/8000-001_firmware *
pilz pmc *
festo controller_cecc-s_firmware 2.3.8.0
festo controller_cecc-s_firmware 2.3.8.1
codesys control_for_linux *
codesys hmi_v3 *
wago 750-8215_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8101_firmware *
wago 762-6302/8000-002_firmware *
wago 750-8216_firmware *
wago 762-5303/8000-002_firmware *
codesys control_v3_runtime_system_toolkit *
codesys control_for_plcnext *
codesys control_rte_v3 *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
wago 750-8202_firmware *
codesys control_for_empc-a/imx6 *
codesys control_for_iot2000 *
wago 762-4204/8000-001_firmware *
wago 750-8212_firmware *
CVE-2020-15806 MEDIUM

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_pfc100 *
codesys control_for_pfc200 *
codesys control_for_plcnext *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys simulation_runtime *
codesys control_for_wago_touch_panels_600 *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_linux *
CVE-2020-6081 MEDIUM

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
codesys runtime 3.5.14.30
CVE-2020-7052 MEDIUM

CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
codesys control_win *
codesys safety_sil2 *
codesys control_for_pfc100 *
codesys gateway *
codesys control_for_pfc200 *
codesys control_for_plcnext *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys control_for_beaglebone *
codesys control_for_raspberry_pi *
codesys simulation_runtime *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys control_for_iot2000 *
codesys control_for_linux *
CVE-2021-21863 MEDIUM

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys development_system 3.5.16.0
codesys development_system 3.5.17.0
CVE-2021-21864 MEDIUM

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys development_system 3.5.16.0
codesys development_system 3.5.17.0
CVE-2021-21865 MEDIUM

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys development_system 3.5.16.0
codesys development_system 3.5.17.0
CVE-2021-21866 MEDIUM

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys development_system 3.5.16.0
codesys development_system 3.5.17.0
CVE-2021-21867 MEDIUM

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys codesys 3.5.16.0
codesys codesys 3.5.17.0
CVE-2021-21868 MEDIUM

An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys codesys 3.5.16.0
codesys codesys 3.5.17.0
CVE-2021-21869 MEDIUM

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
codesys codesys 3.5.16.0
codesys codesys 3.5.17.0
CVE-2021-29238 MEDIUM

CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
codesys automation_server *
CVE-2021-29239 MEDIUM

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
codesys development_system *
CVE-2021-29240 MEDIUM

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
codesys development_system *
CVE-2021-29241 MEDIUM

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_beaglebone_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys edge_gateway *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
CVE-2021-29242 HIGH

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
codesys control_for_beaglebone_sl *
codesys control_win *
codesys control_for_plcnext_sl *
codesys control_for_linux_arm_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys plchandler *
codesys simulation_runtime *
codesys control_for_wago_touch_panels_600_sl *
codesys remote_target_visu_toolkit *
codesys opc_server *
codesys hmi *
codesys edge_gateway *
codesys safety_sil *
CVE-2021-30186 MEDIUM

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
codesys plcwinnt *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
codesys runtime_toolkit *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30187 MEDIUM

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
codesys runtime_toolkit *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30188 HIGH

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
codesys v2_runtime_system_sp *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30189 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
codesys v2_web_server *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30190 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
codesys v2_web_server *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30191 MEDIUM

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
codesys v2_web_server *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30192 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
codesys v2_web_server *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30193 HIGH

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
codesys v2_web_server *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30194 MEDIUM

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
codesys v2_web_server *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-30195 MEDIUM

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
codesys plcwinnt *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
codesys runtime_toolkit *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-33485 HIGH

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys remote_target_visu_toolkit *
codesys hmi *
CVE-2021-33486 MEDIUM

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
CVE-2021-34583 MEDIUM

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
codesys codesys *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34584 MEDIUM

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
codesys codesys *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34585 MEDIUM

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
codesys codesys *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34586 MEDIUM

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
codesys codesys *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34593 MEDIUM

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
wago 750-8204_firmware *
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-8208_firmware *
wago 750-8214_firmware *
wago 750-8217_firmware *
codesys runtime_toolkit *
codesys plcwinnt *
wago 750-8216_firmware *
wago 750-8206_firmware *
wago 750-8207_firmware *
wago 750-8213_firmware *
wago 750-8202_firmware *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34595 MEDIUM

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
info@cert.vde.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-823,CWE-119,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
codesys plcwinnt *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
codesys runtime_toolkit *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
codesys codesys *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34596 MEDIUM

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
wago 750-8203_firmware *
wago 750-8211_firmware *
wago 750-882_firmware *
wago 750-8208_firmware *
wago 750-8217_firmware *
codesys plcwinnt *
wago 750-832_firmware *
wago 750-852_firmware *
wago 750-8206_firmware *
wago 750-862_firmware *
wago 750-8207_firmware *
wago 750-889_firmware *
wago 750-890_firmware *
wago 750-8204_firmware *
wago 750-829_firmware *
wago 750-831_firmware *
wago 750-891_firmware *
wago 750-8214_firmware *
codesys runtime_toolkit *
wago 750-823_firmware *
wago 750-8216_firmware *
wago 750-885_firmware *
wago 750-880_firmware *
wago 750-8213_firmware *
wago 750-881_firmware *
wago 750-8202_firmware *
wago 750-893_firmware *
codesys codesys *
wago 750-8210_firmware *
wago 750-8212_firmware *
CVE-2021-34599 MEDIUM

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2
info@cert.vde.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
codesys git *
CVE-2021-36763 MEDIUM

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control *
codesys control_runtime_system_toolkit *
codesys control_rte *
codesys embedded_target_visu_toolkit *
codesys remote_target_visu_toolkit *
codesys hmi *
CVE-2021-36764 MEDIUM

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
codesys gateway *
CVE-2021-36765 MEDIUM

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
codesys ethernetip *
CVE-2022-1794 MEDIUM

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
info@cert.vde.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
codesys opc_da_server *
CVE-2022-1965 MEDIUM

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
info@cert.vde.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-1989

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
codesys visualization *
CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-22510 MEDIUM

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
codesys profinet 4.2.0.0
CVE-2022-22513 LOW

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beckhoff_cx9020 *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
codesys edge_gateway *
CVE-2022-22514 MEDIUM

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,CWE-119,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beckhoff_cx9020 *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
codesys edge_gateway *
CVE-2022-22515 MEDIUM

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beckhoff_cx9020 *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
CVE-2022-22516 HIGH

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_win_sl *
codesys control_rte_sl *
codesys development_system *
CVE-2022-22517 MEDIUM

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-334,CWE-330,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beckhoff_cx9020 *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
codesys edge_gateway *
CVE-2022-22518 MEDIUM

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_beckhoff_cx9020 *
codesys control_for_beaglebone_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
CVE-2022-22519 MEDIUM

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beckhoff_cx9020 *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
CVE-2022-30791 MEDIUM

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_plcnext *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_wago_touch_panels_600 *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys edge_gateway *
CVE-2022-30792 MEDIUM

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
codesys control_win *
codesys control_for_linux_sl *
codesys gateway *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_plcnext *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys embedded_target_visu_toolkit *
codesys control_for_beaglebone *
codesys control_for_wago_touch_panels_600 *
codesys control_rte_sl *
codesys remote_target_visu_toolkit *
codesys control_for_empc-a/imx6 *
codesys hmi *
codesys edge_gateway *
CVE-2022-31802 HIGH

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-187,

Products Affected

Vendor Product Version
codesys gateway *
CVE-2022-31803 MEDIUM

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
codesys gateway *
CVE-2022-31804 MEDIUM

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,

Products Affected

Vendor Product Version
codesys gateway *
CVE-2022-31805 MEDIUM

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-523,

Products Affected

Vendor Product Version
codesys hmi_sl *
codesys web_server *
codesys plchandler *
codesys runtime_toolkit *
codesys sp_realtime_nt *
codesys opc_server *
codesys edge_gateway *
codesys plcwinnt *
codesys gateway *
codesys development_system *
CVE-2022-31806 MEDIUM

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32136 MEDIUM

In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32137 MEDIUM

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32138 MEDIUM

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-194,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32139 MEDIUM

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32140 MEDIUM

Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32141 MEDIUM

Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32142 MEDIUM

Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-823,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-32143 MEDIUM

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
codesys runtime_toolkit *
codesys plcwinnt *
CVE-2022-4046

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
CVE-2022-4048

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.5 5.2

Products Affected

Vendor Product Version
codesys development_system_v3 *
CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys runtime_toolkit *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
CVE-2022-47378

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47379

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47380

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47381

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47382

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47383

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47384

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47386

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47387

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47388

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47389

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47390

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47391

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47392

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2022-47393

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_rte_(sl) *
codesys control_for_beaglebone_sl *
codesys safety_sil2_runtime_toolkit *
codesys control_for_plcnext_sl *
codesys hmi_(sl) *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system_v3 *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_(for_beckhoff_cx)_sl *
codesys control_win_(sl) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys safety_sil2_psp *
codesys control_for_wago_touch_panels_600_sl *
CVE-2023-3662

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
codesys development_system *
CVE-2023-3663

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys development_system *
CVE-2023-3669

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
codesys development_system *
CVE-2023-3670

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
codesys scripting *
codesys development_system *
CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37546

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37547

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37549

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37553

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37554

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37555

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37556

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys safety_sil2 *
codesys control_for_plcnext_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys development_system *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys control_for_pfc200_sl *
codesys control_runtime_system_toolkit *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys hmi *
CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_beaglebone_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_for_plcnext_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys runtime_toolkit *
codesys control_for_linux_arm_sl *
codesys control_for_empc-a/imx6 *
codesys control_for_linux_sl *
CVE-2025-41700

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
codesys codesys *
CVE-2025-41738

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
codesys control_win_sl *
codesys control_for_beaglebone_sl *
codesys control_for_plcnext_sl *
codesys remote_target_visu *
codesys runtime_toolkit *
codesys control_for_linux_arm_sl *
codesys control_for_empc-a/imx6_sl *
codesys control_for_linux_sl *
codesys control_for_pfc100_sl *
codesys control_for_raspberry_pi_sl *
codesys control_rte_sl_(for_beckhoff_cx) *
codesys hmi_sl *
codesys control_for_pfc200_sl *
codesys control_for_iot2000_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_sl *
codesys virtual_control_sl *