CODESYS 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-37552 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37551 | In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | [email protected] | 6.5 | 0.42% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37550 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549. | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37549 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550 | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37548 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550 | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37547 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37546 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-3663 | In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | [email protected] | 8.8 | 1.04% | 2023-08-03 | 2026-06-17 |
| CVE-2023-3662 | In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . | [email protected] | 7.3 | 0.20% | 2023-08-03 | 2026-06-17 |
| CVE-2023-37545 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 | [email protected] | 6.5 | 0.52% | 2023-08-03 | 2026-06-17 |
| CVE-2023-3670 | In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | [email protected] | 7.3 | 0.20% | 2023-07-28 | 2026-06-17 |
| CVE-2022-47393 | An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation. | [email protected] | 6.5 | 0.98% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47392 | An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. | [email protected] | 6.5 | 0.86% | 2023-05-15 | 2026-06-17 |
| CVE-2022-4048 | Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application. | [email protected] | 7.7 | 0.08% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47391 | In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | [email protected] | 7.5 | 1.87% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47390 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47389 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47388 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47387 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47386 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.36% | 2023-05-15 | 2026-06-17 |