This page lists publicly disclosed CVE vulnerabilities affecting codesys control_for_linux_sl (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-47391 | In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | [email protected] | 7.5 | 1.87% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47390 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47389 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47388 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47387 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47386 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.36% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47385 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.36% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47384 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47383 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47382 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47381 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47380 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.33% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47379 | An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | [email protected] | 8.8 | 1.99% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47378 | Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. | [email protected] | 6.5 | 0.91% | 2023-05-15 | 2026-06-17 |
| CVE-2022-22508 | Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. | [email protected] | 4.3 | 0.73% | 2023-05-15 | 2026-06-17 |
| CVE-2022-4224 | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | [email protected] | 8.8 | 0.88% | 2023-03-23 | 2026-06-17 |
| CVE-2022-30792 | In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. | [email protected] | 7.5 | 0.76% | 2022-07-11 | 2026-06-17 |
| CVE-2022-30791 | In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. | [email protected] | 7.5 | 0.76% | 2022-07-11 | 2026-06-17 |
| CVE-2022-22519 | A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | [email protected] | 7.5 | 1.33% | 2022-04-07 | 2026-06-17 |
| CVE-2022-22518 | A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy. | [email protected] | 6.5 | 0.57% | 2022-04-07 | 2026-06-17 |