Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS



WAGO: Vulnerabilities in CODESYS Control

The following firmware versions, installed on several devices, are affected by a vulnerability in the CODESYS Control V3 web server.



An unauthenticated attacker could send crafted requests that cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. In addition, passwords are insufficiently checked during login.

All versions of the following CODESYS V2 product prior to version V2.3.9.38 are affected:

  • CODESYS Gateway Server


