Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2023-023
Aug. 3, 2023, 1:08 PM

CODESYS: Missing Brute-Force protection in CODESYS Development System

The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.
CVE-2023-3669
VDE-2023-022
Aug. 3, 2023, 12:52 PM

CODESYS: Missing integrity check in CODESYS Development System

The Notification Center of the CODESYS Development System receives messages without ensuring that the message was not modified during transmission. This finally enables MITMs code execution when the user clicks …
CVE-2023-3663
VDE-2023-021
Aug. 3, 2023, 12:48 PM

CODESYS: Vulnerability in CODESYS Development System allows execution of binaries

The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.
CVE-2023-3662
VDE-2023-019
Aug. 3, 2023, 12:42 PM

CODESYS: Multiple Vulnerabilities in CmpApp CmpAppBP and CmpAppForce

CODESYS Control V3 runtime systems are affected by several security vulnerabilities in the communication server implementations for the CODESYS protocol. These may be exploited by authenticated attackers.
CVE-2023-37545
CVE-2023-37546
CVE-2023-37547
CVE-2023-37548
CVE-2023-37549
CVE-2023-37550
CVE-2023-37551
CVE-2023-37552
CVE-2023-37553
CVE-2023-37554
CVE-2023-37555
CVE-2023-37556
CVE-2023-37557
CVE-2023-37558
CVE-2023-37559
VDE-2023-024
July 28, 2023, 9:45 AM

CODESYS: Vulnerability in CODESYS Development System and CODESYS Scripting

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful …
CVE-2023-3670