Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-16265

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Oct, 2019 | 16:34
Updated At-05 Aug, 2024 | 01:10
Rejected At-
Credits

CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Oct, 2019 | 16:34
Updated At:05 Aug, 2024 | 01:10
Rejected At:
▼CVE Numbering Authority (CNA)

CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.codesys.com
x_refsource_MISC
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf
x_refsource_CONFIRM
Hyperlink: https://www.codesys.com
Resource:
x_refsource_MISC
Hyperlink: https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.codesys.com
x_refsource_MISC
x_transferred
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.codesys.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Oct, 2019 | 17:15
Updated At:28 Oct, 2019 | 14:17

CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
CODESYS GmbH
codesys
>>eni_server>>Versions before 3.2.2.25(exclusive)
cpe:2.3:a:codesys:eni_server:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>eni_server>>Versions before 3.2.2.25(exclusive)
cpe:2.3:a:codesys:eni_server:*:*:*:*:*:*:*:*
CODESYS GmbH
codesys
>>codesys>>Versions from 2.3(inclusive) to 2.3.9.61(exclusive)
cpe:2.3:a:codesys:codesys:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdfcve@mitre.org
Vendor Advisory
https://www.codesys.comcve@mitre.org
Vendor Advisory
Hyperlink: https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-09_LCDS-319.pdf
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.codesys.com
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2563Records found
CVE-2021-33485
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.82%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:44
Updated-29 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_runtime_system_toolkitcontrolhmiembedded_target_visu_toolkitremote_target_visu_toolkitcontrol_rtecontrol_win_sln/a
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30193
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.68%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30188
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 69.16%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203v2_runtime_system_sp750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30189
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 69.16%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13548
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.40% / 85.43%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 16:58
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_beaglebonecontrol_wincontrol_for_pfc100remote_target_visu_toolkitCODESYS V3 web server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10245
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.41% / 80.99%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 03:45
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_plcnextcontrol_for_beaglebonecontrol_wincontrol_for_pfc100remote_target_visu_toolkitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31802
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.75%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-17 Sep, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Partial string comparison in CODESYS gateway server

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-187
Partial String Comparison
CVE-2017-6027
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 83.54%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 02:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-web_server3S-Smart Software Solutions GmbH CODESYS Web Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2017-6025
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 70.84%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 02:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-web_server3S-Smart Software Solutions GmbH CODESYS Web Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-29242
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.32% / 55.35%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 13:56
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_rtecontrol_runtime_system_toolkitcontrol_for_pfc100_slhmicontrol_for_beaglebone_slopc_serverremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaysimulation_runtimeplchandlercontrol_for_pfc200_slembedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_for_linux_arm_slcontrol_for_plcnext_slcontrol_for_empc-a\/imx6_slsafety_silcontrol_winn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-30190
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.98%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-30192
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.68%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CVE-2019-9010
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 55.89%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 17:44
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slgatewaycontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slcontrol_runtime_toolkitcontrol_for_linux_sln/a
CVE-2019-18858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.82%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 17:04
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_plcnextcontrol_for_beaglebonecontrol_wincontrol_for_pfc100remote_target_visu_toolkitn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-31806
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 63.97%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

Action-Not Available
Vendor-CODESYS GmbH
Product-runtime_toolkitplcwinntCODESYS PLCWinNTCODESYS Runtime Toolkit 32 bit full
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2021-34583
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.69% / 72.43%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47381
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:41
Updated-17 Jul, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47389
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.88% / 88.55%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:57
Updated-17 Jul, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47380
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:40
Updated-17 Jul, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to out-of-bounds write

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47388
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:56
Updated-17 Jul, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30186
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 64.29%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5105
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 14:12
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-codesys3S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49675
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.32%
||
7 Day CHG+0.02%
Published-06 May, 2024 | 11:09
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Out-of-bounds write through corrupted project files

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Development System V2.3development_system
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37557
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.37%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:06
Updated-09 Oct, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Heap-based Buffer Overflow in multiple products

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47382
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:42
Updated-17 Jul, 2025 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47383
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:44
Updated-17 Jul, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47386
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:49
Updated-17 Jul, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47384
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:46
Updated-17 Jul, 2025 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47379
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.42% / 85.50%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:33
Updated-17 Jul, 2025 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to out-of-bounds write

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47387
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:54
Updated-17 Jul, 2025 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47390
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:58
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47385
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.23%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:47
Updated-17 Jul, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5099
Matching Score-4
Assigner-KoreLogic Security
ShareView Details
Matching Score-4
Assigner-KoreLogic Security
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 77.87%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 01:05
Updated-08 Oct, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write

An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.

Action-Not Available
Vendor-dynamixsoftwareMobile Dynamix
Product-printersharePrinterShare Mobile Print
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7943
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-4.71% / 89.65%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-libx11fedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-47785
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7||HIGH
EPSS-0.11% / 28.70%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-09 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH)

Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.

Action-Not Available
Vendor-ethersoftwareMp3-Avi-Mpeg-Wmv-Rm-To-Audio-Cd-Burner
Product-ether_mp3_cd_burnerEther_MP3_CD_Burner
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.33%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1010039
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 75.56%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 13:01
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line.

Action-Not Available
Vendor-ulaunchelf_projectuLaunchELF
Product-ulaunchelfuLaunchELF
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49709
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 12:07
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory corruption in canvas surfaces

Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7950
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 73.61%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-libxrenderfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49492
Matching Score-4
Assigner-ASR Microelectronics Co., Ltd.
ShareView Details
Matching Score-4
Assigner-ASR Microelectronics Co., Ltd.
CVSS Score-7.4||HIGH
EPSS-0.33% / 56.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 10:52
Updated-22 Dec, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in lte-telephony

Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun.  This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Action-Not Available
Vendor-ASR (ASR Microelectronics Co., Ltd.)
Product-asr1901kestrelasr1803asr1806falcon_linuxasr1903lapwing_linuxFalcon_Linux、Kestrel、Lapwing_Linux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.33%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-47774
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 15:52
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH)

Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code execution through a bind shell.

Action-Not Available
Vendor-En
Product-Kingdia CD Extractor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-0626
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-56.22% / 98.16%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14224
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 82.61%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 22:11
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-notesHCL Notes
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7948
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-3.14% / 87.22%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-libxrandrfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7942
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-3.16% / 87.24%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-libx11fedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4843
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.50% / 66.55%
||
7 Day CHG~0.00%
Published-17 May, 2025 | 23:31
Updated-04 Jun, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L udev SubUPnPCSInit stack-based overflow

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932l_firmwaredcs-932lDCS-932L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-47772
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.16% / 36.57%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 15:52
Updated-23 Jan, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)

10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse shell and execute arbitrary code on the target system.

Action-Not Available
Vendor-10-strike10-Strike
Product-network_inventory_explorerStrike Network Inventory Explorer Pro
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.84%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.92%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 23:53
Updated-04 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Action-Not Available
Vendor-thekelleysn/a
Product-dnsmasqn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 51
  • 52
  • Next
Details not found