CODESYS V3 Products Security Vulnerabilities
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific...
4.3CVSS
4.5AI Score
0.001EPSS
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the...
9.8CVSS
9.1AI Score
0.002EPSS
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet.....
7.5CVSS
7.7AI Score
0.003EPSS
Improper Communication Address Filtering exists in CODESYS V3 products versions prior...
7.5CVSS
7.5AI Score
0.002EPSS
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior...
7.5CVSS
7.5AI Score
0.003EPSS
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user...
9.8CVSS
9.3AI Score
0.001EPSS