Approved changes feed: RSS · Atom
cpe:2.3:a:codesys:codesys:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Codesys (4a5dbd6f-1914-5b18-8641-403ab498c199) |
|---|---|
| Product | Codesys (ce2275e0-858a-5521-bade-0722e05594e3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-41700 |
vulnerable | 2026-06-03 15:01:15.604848 |
CODESYS Development System - Deserialization of Untrusted Data
HIGH (7.8)
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
Published: 2025-12-01T10:02:47.312Z
Updated: 2025-12-01T13:59:26.310Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34596 |
vulnerable | 2026-06-03 14:44:45.796112 |
CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service
MEDIUM (6.5)
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
Published: 2021-10-26T09:55:54.408Z
Updated: 2024-09-16T22:40:47.921Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34595 |
vulnerable | 2026-06-03 14:44:45.794550 |
CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service
HIGH (8.1)
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
Published: 2021-10-26T09:55:52.868Z
Updated: 2024-09-17T03:42:53.986Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34586 |
vulnerable | 2026-06-03 14:44:45.745956 |
CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)
HIGH (7.5)
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
Published: 2021-10-26T09:55:49.885Z
Updated: 2024-09-17T03:53:13.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34585 |
vulnerable | 2026-06-03 14:44:45.744474 |
CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)
HIGH (7.5)
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
Published: 2021-10-26T09:55:48.273Z
Updated: 2024-09-16T21:58:06.631Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34584 |
vulnerable | 2026-06-03 14:44:45.742896 |
CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)
CRITICAL (9.1)
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
Published: 2021-10-26T09:55:46.638Z
Updated: 2024-09-16T22:25:58.664Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34583 |
vulnerable | 2026-06-03 14:44:45.722069 |
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)
HIGH (7.5)
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
Published: 2021-10-26T09:55:45.129Z
Updated: 2024-09-16T20:43:32.357Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16265 |
vulnerable | 2026-06-03 14:39:54.188680 |
Details available
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
Published: 2019-10-25T16:34:57.000Z
Updated: 2024-08-05T01:10:41.592Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13538 |
vulnerable | 2026-06-03 14:39:42.831644 |
Details available
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
Published: 2019-09-17T19:04:54.000Z
Updated: 2024-08-04T23:57:39.147Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.