Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Codesys Runtime System Security Vulnerabilities

cve
cve

CVE-2018-20025

Use of Insufficiently Random Values exists in CODESYS V3 products versions prior...

7.5CVSS

7.5AI Score

0.003EPSS

2019-02-19 09:29 PM
28
cve
cve

CVE-2018-10612

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user...

9.8CVSS

9.3AI Score

0.001EPSS

2019-01-29 04:29 PM
38
cve
cve

CVE-2018-5440

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a.....

9.8CVSS

9.7AI Score

0.004EPSS

2018-02-15 10:29 AM
28
cve
cve

CVE-2015-6482

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted...

6.7AI Score

0.003EPSS

2015-10-18 07:59 PM
26
cve
cve

CVE-2014-0769

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000.....

7.2AI Score

0.005EPSS

2014-04-25 05:12 AM
37
cve
cve

CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

8.1AI Score

0.008EPSS

2014-04-25 05:12 AM
31
cve
cve

CVE-2012-6069

Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener...

6.9AI Score

0.014EPSS

2013-01-21 09:55 PM
36
cve
cve

CVE-2012-6068

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener...

7.3AI Score

0.005EPSS

2013-01-21 09:55 PM
58
Total number of security vulnerabilities58