Product:

Plcwinnt

(Codesys)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2021-05-25 CVE-2021-30186 CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. Plcwinnt, Runtime_toolkit 7.5
2021-05-25 CVE-2021-30195 CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. Plcwinnt, Runtime_toolkit 7.5
2021-10-26 CVE-2021-34596 A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. Plcwinnt, Runtime_toolkit 6.5
2021-10-26 CVE-2021-34593 In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. Plcwinnt, Runtime_toolkit N/A
2021-10-26 CVE-2021-34595 A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. Plcwinnt, Runtime_toolkit 8.1
2022-06-24 CVE-2022-1965 Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. Plcwinnt, Runtime_toolkit N/A
2022-06-24 CVE-2022-31805 In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Development_system, Edge_gateway, Gateway, Hmi_sl, Opc_server, Plchandler, Plcwinnt, Runtime_toolkit, Sp_realtime_nt, Web_server N/A