The CODESYS Control V3 runtime system does not restrict the memory accesses of the PLC application code to the PLC application data and does not sufficiently check the integrity of the application code by default. This could be exploited by authenticated PLC programmers.



The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.



The Notification Center of the CODESYS Development System receives messages without ensuring that the message was not modified during transmission. This finally enables MITMs code execution when the user clicks the "Learn More" button.



The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.



CODESYS Control V3 runtime systems are affected by several security vulnerabilities in the communication server implementations for the CODESYS protocol. These may be exploited by authenticated attackers.



A vulnerability allows Bluetooth LE pairing traffic to be sniffed and used to bypass authentication for pairing.



Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0