Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34583

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-26 Oct, 2021 | 09:55
Updated At-16 Sep, 2024 | 20:43
Rejected At-
Credits

CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:26 Oct, 2021 | 09:55
Updated At:16 Sep, 2024 | 20:43
Rejected At:
▼CVE Numbering Authority (CNA)
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Affected Products
Vendor
CODESYS GmbHCODESYS
Product
CODESYS V2
Versions
Affected
  • From all web servers before V1.1.9.22 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

CODESYS GmbH has released version V1.1.9.22 of the CODESYS V2 web server to solve the noted vulnerability issues. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup version V2.3.9.68.

Configurations
Workarounds
Exploits
Credits
This vulnerability was discovered by Tenable Research.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
x_refsource_CONFIRM
https://www.tenable.com/security/research/tra-2021-47
x_refsource_MISC
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.tenable.com/security/research/tra-2021-47
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
x_refsource_CONFIRM
x_transferred
https://www.tenable.com/security/research/tra-2021-47
x_refsource_MISC
x_transferred
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.tenable.com/security/research/tra-2021-47
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:26 Oct, 2021 | 10:15
Updated At:15 Aug, 2025 | 20:26

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
wago
wago
>>750-823_firmware>>Versions before fw10(exclusive)
cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-823>>-
cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*
wago
wago
>>750-829_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-829>>-
cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*
wago
wago
>>750-831_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-831>>-
cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*
wago
wago
>>750-832_firmware>>Versions before fw10(exclusive)
cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-832>>-
cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*
wago
wago
>>750-852_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-852>>-
cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*
wago
wago
>>750-862_firmware>>Versions before fw10(exclusive)
cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-862>>-
cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*
wago
wago
>>750-880_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-880>>-
cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*
wago
wago
>>750-881_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-881>>-
cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*
wago
wago
>>750-882_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-882>>-
cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*
wago
wago
>>750-885_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-885>>-
cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*
wago
wago
>>750-889_firmware>>Versions before fw17(exclusive)
cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-889>>-
cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*
wago
wago
>>750-890_firmware>>Versions before fw10(exclusive)
cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-890>>-
cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*
wago
wago
>>750-891_firmware>>Versions before fw10(exclusive)
cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-891>>-
cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*
wago
wago
>>750-893_firmware>>Versions before fw10(exclusive)
cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-893>>-
cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*
wago
wago
>>750-8202_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8202>>-
cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*
wago
wago
>>750-8203_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8203>>-
cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*
wago
wago
>>750-8204_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8204>>-
cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*
wago
wago
>>750-8206_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8206>>-
cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*
wago
wago
>>750-8207_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8207>>-
cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*
wago
wago
>>750-8208_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8208>>-
cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*
wago
wago
>>750-8210_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8210>>-
cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*
wago
wago
>>750-8211_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8211>>-
cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*
wago
wago
>>750-8212_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8212>>-
cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*
wago
wago
>>750-8213_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8213>>-
cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*
wago
wago
>>750-8214_firmware>>Versions before fw20(exclusive)
cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*
wago
wago
>>750-8214>>-
cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondaryinfo@cert.vde.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: info@cert.vde.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=info@cert.vde.com
Vendor Advisory
https://www.tenable.com/security/research/tra-2021-47info@cert.vde.com
Exploit
Third Party Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.tenable.com/security/research/tra-2021-47af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
Source: info@cert.vde.com
Resource:
Vendor Advisory
Hyperlink: https://www.tenable.com/security/research/tra-2021-47
Source: info@cert.vde.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.tenable.com/security/research/tra-2021-47
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2021-30186
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.81%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5105
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.94%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 14:12
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-codesys3S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-8836
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-3.32% / 86.76%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools.

Action-Not Available
Vendor-wagoWAGO
Product-750-881_firmware750-829_firmware750-885_firmware750-829750-885750-831750-881750-831_firmware750-880750-882_firmware750-880_firmware750-889_firmware750-882750-852_firmware750-852750-889WAGO 750 Series
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1150
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 06:19
Updated-05 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: Series 750-3x/-8x prone to MODBUS server DoS

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

Action-Not Available
Vendor-wagoWAGO
Product-750-890_firmware750-890\/025-002750-890\/025-000750-890\/025-001750-823750-832\/000-002750-365\/040-010_firmware750-890\/040-000_firmware750-362\/000-001750-823_firmware750-890750-890\/025-001_firmware750-832750-365\/040-010750-832\/000-002_firmware750-862_firmware750-891750-890\/040-000750-893_firmware750-364\/040-010750-890\/025-002_firmware750-890\/025-000_firmware750-364\/040-010_firmware750-891_firmware750-362\/040-000_firmware750-893750-362750-363\/040-000750-362\/040-000750-363\/040-000_firmware750-362_firmware750-362\/000-001_firmware750-363_firmware750-363750-862750-832_firmware750-332750-890/xxx-xxx750-832/xxx-xxx750-363/xxx-xxx750-893750-823750-362/xxx-xxx750-365/xxx-xxx750-862750-891750-364/xxx-xxx
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-34581
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 10:33
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: Denial of Service vulnerability inside the OpenSSL implementation

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.

Action-Not Available
Vendor-wagoWAGO
Product-750-831\/000-002750-881_firmware750-880\/040-000750-880\/025-001750-880\/040-000_firmware750-831750-880\/025-002_firmware750-881750-831_firmware750-880750-889_firmware750-880_firmware750-880\/025-000_firmware750-831\/000-002_firmware750-880\/025-000750-889750-880\/025-001_firmware750-880\/025-002750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-34568
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.08%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 15:17
Updated-01 May, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO I/O-Check Service prone to Allocation of Resources Without Limits or Throttling

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.

Action-Not Available
Vendor-wagoWAGO
Product-762-4206\/8000-001_firmware750-8202\/040-001_firmware750-8102\/025-000_firmware762-4303\/8000-002762-4305\/8000-002762-4304\/8000-002_firmware762-4301\/8000-002750-8102762-4301\/8000-002_firmware762-4205\/8000-001762-4203\/8000-001_firmware762-6301\/8000-002_firmware762-4206\/8000-002750-8101_firmware762-5203\/8000-001762-5303\/8000-002762-5306\/8000-002_firmware750-8202\/040-001750-8101\/025-000_firmware750-8102_firmware762-4101_firmware762-4203\/8000-001762-4303\/8000-002_firmware762-4204\/8000-001762-5305\/8000-002_firmware762-6303\/8000-002_firmware762-5304\/8000-002_firmware762-4102_firmware750-8202\/025-000_firmware762-4103_firmware762-6302\/8000-002_firmware762-6302\/8000-002762-5206\/8000-001762-6204\/8000-001_firmware750-8202\/000-011_firmware762-4202\/8000-001_firmware750-8101\/025-000762-4205\/8000-002750-8202\/000-012762-4102762-4201\/8000-001_firmware762-4302\/8000-002_firmware750-8202\/000-022762-5204\/8000-001762-4205\/8000-001_firmware762-4206\/8000-002_firmware762-6203\/8000-001_firmware762-5204\/8000-001_firmware762-4306\/8000-002_firmware762-5203\/8000-001_firmware762-5306\/8000-002762-6304\/8000-002762-4304\/8000-002762-5205\/8000-001762-5205\/8000-001_firmware762-4101762-4306\/8000-002750-8202\/040-000762-5303\/8000-002_firmware750-8202762-4104762-4205\/8000-002_firmware762-6304\/8000-002_firmware750-8202\/025-002762-6303\/8000-002762-4302\/8000-002762-6301\/8000-002762-6201\/8000-001_firmware762-5206\/8000-001_firmware750-8202\/025-002_firmware762-4104_firmware750-8100750-8202\/000-012_firmware750-8101750-8102\/025-000762-4202\/8000-001762-6201\/8000-001750-8202\/025-000762-6202\/8000-001_firmware762-4103750-8202\/025-001_firmware750-8100_firmware750-8202\/000-022_firmware752-8303\/8000-002762-5304\/8000-002750-8202\/000-011762-4201\/8000-001750-8202\/025-001762-4206\/8000-001762-4305\/8000-002_firmware750-8202\/040-000_firmware750-8202_firmware762-6203\/8000-001752-8303\/8000-002_firmware762-6202\/8000-001762-6204\/8000-001762-4204\/8000-001_firmware762-5305\/8000-002750-82xx/xxx-xxx752-8303/8000-0002762-4xxx762-6xxx750-81xx/xxx-xxxFW762-5xxx
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-34593
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.59% / 80.91%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8217_firmware750-8202runtime_toolkit750-8203750-8211750-8212750-8206_firmware750-8202_firmware750-8208_firmware750-8216750-8206750-8207750-8214750-8214_firmware750-8208750-8210_firmware750-8213_firmware750-8204_firmware750-8212_firmwareplcwinnt750-8204750-8210750-8213750-8216_firmware750-8217750-8211_firmware750-8203_firmware750-8207_firmwareCODESYS V2
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-34586
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.69%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-33486
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:58
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-runtime_toolkitn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-41691
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLControl for PLCnext SLControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl Win (SL)Control for IOT2000 SLControl for Raspberry Pi SLControl RTE (for Beckhoff CX) SLVirtual Control SLHMI (SL)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-30195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-29241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.34%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 13:17
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slgatewaycontrol_for_linux_sledge_gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-12516
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.52%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 03:04
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PLC families 750-88x and 750-352 prone to DoS attack

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Action-Not Available
Vendor-wagoWAGO
Product-750-352750-881_firmware750-829_firmware750-331750-885_firmware750-829750-885750-831750-881750-831_firmware750-880750-882_firmware750-352_firmware750-880_firmware750-889_firmware750-882750-852_firmware750-852750-889750-331_firmware750-331/xxx-xxx750-352750-831/xxx-xxx750-889750-880/xxx-xxx750-882750-829750-885750-852750-881
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21000
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:05
Updated-15 Aug, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PFC200 Denial of Service due to the number of connections to the runtime

On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.

Action-Not Available
Vendor-wagoWAGO
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmware750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareSeries Ethernet ControllerSeries PFC200 Controller
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-8175
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 08:04
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: web server vulnerable to DoS

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Virtual Control SLCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Runtime ToolkitCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Remote Target Visu ToolkitCODESYS Control for PFC200 SLCODESYS Embedded Target Visu ToolkitCODESYS Control for Linux ARM SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)control_rte_\(for_beckhoff_cx\)_slruntime_toolkitvirtual_control_sl
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-31804
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Gateway server prone to denial of service attack due to excessive memory allocation

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2024-5000
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 08:54
Updated-01 Aug, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control for Raspberry Pi SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Runtime ToolkitCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control for PFC100 SLCODESYS Control for Linux ARM SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for BeagleBone SLcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_win_\(sl\)control_for_raspberry_pi_slcontrol_for_beaglebone_slruntime_toolkitcontrol_for_linux_arm_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_rte_\(for_beckhoff_cx\)_slhmi_\(sl\)control_rte_\(sl\)control_for_linux_sl
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2022-31803
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 60.30%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Gateway Server V2 prone to Denial of Service Attack

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-30792
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 10:40
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_runtime_system_toolkitcontrol_for_pfc100_slhmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beagleboneremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slembedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_wago_touch_panels_600control_winCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-30791
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 10:40
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_runtime_system_toolkitcontrol_for_pfc100_slhmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beagleboneremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slembedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_wago_touch_panels_600control_winCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-5188
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.44%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 07:19
Updated-02 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO Improper Input Validation in IEC61850 Server / Telecontrol

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

Action-Not Available
Vendor-wagoWAGO
Product-telecontrol_configuratorwagoapprtuWagoAppRTUTelecontrol Configurator
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22517
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-16 Sep, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Components in multiple CODESYS products vulnerable to communication channel disruption

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_for_beaglebone_slremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slcontrol_for_beckhoff_cx9020embedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_plcnext_slcontrol_for_empc-a\/imx6_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS PLCHandlerCODESYS OPC DA Server SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-334
Small Space of Random Values
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-22519
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.31% / 78.93%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_beaglebone_slremote_target_visu_toolkitcontrol_for_linux_slcontrol_for_pfc200_slcontrol_for_beckhoff_cx9020control_for_iot2000_slcontrol_for_wago_touch_panels_600_slembedded_target_visu_toolkitcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22510
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.36%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:26
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Null Pointer Dereference in CODESYS PROFINET stack

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-profinetn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.71%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 15:34
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000hmicontrol_for_empc-a\/imx6linuxruntime_system_toolkitsafety_sil2control_for_beaglebonecontrol_wincontrol_for_pfc100gatewaysimulation_runtimen/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-9012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.29%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 17:47
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slgatewaycontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slcontrol_runtime_toolkitcontrol_for_linux_sln/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-5149
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.08%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 21:59
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14).

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc100pfc200_firmwarepfc100_firmwareWAGO PFC100 FirmwareWAGO PFC200 Firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-36764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.73%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 13:35
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34585
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-30191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-47391
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.42%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:59
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to Improper Input Validation

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control RTE (for Beckhoff CX) SLCODESYS Edge Gateway for WindowsCODESYS Development System V3CODESYS Safety SIL2 PSPCODESYS Control RTE (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control for PLCnext SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS GatewayCODESYS Edge Gateway for LinuxCODESYS Control for BeagleBone SLCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SLCODESYS Control for emPC-A/iMX6 SLCODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control Runtime System ToolkitCODESYS Control Win (SL)CODESYS Control for IOT2000 SLCODESYS Control for Linux SL
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10953
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.52%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:02
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Action-Not Available
Vendor-wagon/aABBPhoenix Contact GmbH & Co. KGSiemens AG
Product-ethernet_firmwarebacnet\/ip6es7211-1ae40-0xb0modicon_m221_firmwareknx_ip_firmwareknx_ipethernet6es7314-6eh04-0ab0modicon_m221pm554-tp-eth_firmware6es7314-6eh04-0ab0_firmware6ed1052-1cc01-0ba8pm554-tp-eth6es7211-1ae40-0xb0_firmwarepfc100_firmwarepfc100ilc_151_eth_firmwarebacnet\/ip_firmware6ed1052-1cc01-0ba8_firmwareilc_151_ethABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-15806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:14
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beaglebonecontrol_for_raspberry_picontrol_for_pfc100remote_target_visu_toolkitsimulation_runtimecontrol_for_pfc200embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_wago_touch_panels_600control_winn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-47379
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-4.19% / 88.25%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:33
Updated-17 Jul, 2025 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to out-of-bounds write

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47387
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:54
Updated-17 Jul, 2025 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47383
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:44
Updated-17 Jul, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47390
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:58
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47388
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:56
Updated-17 Jul, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47380
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:40
Updated-17 Jul, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to out-of-bounds write

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47382
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:42
Updated-17 Jul, 2025 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47389
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-1.95% / 82.70%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:57
Updated-17 Jul, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47385
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:47
Updated-17 Jul, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34569
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.35%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 15:17
Updated-01 May, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO I/O-Check Service prone to Out-of-bounds Write

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.

Action-Not Available
Vendor-wagoWAGO
Product-762-4206\/8000-001_firmware750-8202\/040-001_firmware750-8102\/025-000_firmware762-4303\/8000-002762-4305\/8000-002762-4304\/8000-002_firmware762-4301\/8000-002750-8102762-4301\/8000-002_firmware762-4205\/8000-001762-4203\/8000-001_firmware762-6301\/8000-002_firmware762-4206\/8000-002750-8101_firmware762-5203\/8000-001762-5303\/8000-002762-5306\/8000-002_firmware750-8202\/040-001750-8101\/025-000_firmware750-8102_firmware762-4101_firmware762-4203\/8000-001762-4303\/8000-002_firmware762-4204\/8000-001762-5305\/8000-002_firmware762-6303\/8000-002_firmware762-5304\/8000-002_firmware762-4102_firmware750-8202\/025-000_firmware762-4103_firmware762-6302\/8000-002_firmware762-6302\/8000-002762-5206\/8000-001762-6204\/8000-001_firmware750-8202\/000-011_firmware762-4202\/8000-001_firmware750-8101\/025-000762-4205\/8000-002750-8202\/000-012762-4102762-4201\/8000-001_firmware762-4302\/8000-002_firmware750-8202\/000-022762-5204\/8000-001762-4205\/8000-001_firmware762-4206\/8000-002_firmware762-6203\/8000-001_firmware762-5204\/8000-001_firmware762-4306\/8000-002_firmware762-5203\/8000-001_firmware762-5306\/8000-002762-6304\/8000-002762-4304\/8000-002762-5205\/8000-001762-5205\/8000-001_firmware762-4101762-4306\/8000-002750-8202\/040-000762-5303\/8000-002_firmware750-8202762-4104762-4205\/8000-002_firmware762-6304\/8000-002_firmware750-8202\/025-002762-6303\/8000-002762-4302\/8000-002762-6301\/8000-002762-6201\/8000-001_firmware762-5206\/8000-001_firmware750-8202\/025-002_firmware762-4104_firmware750-8100750-8202\/000-012_firmware750-8101750-8102\/025-000762-4202\/8000-001762-6201\/8000-001750-8202\/025-000762-6202\/8000-001_firmware762-4103750-8202\/025-001_firmware750-8100_firmware750-8202\/000-022_firmware752-8303\/8000-002762-5304\/8000-002750-8202\/000-011762-4201\/8000-001750-8202\/025-001762-4206\/8000-001762-4305\/8000-002_firmware750-8202\/040-000_firmware750-8202_firmware762-6203\/8000-001752-8303\/8000-002_firmware762-6202\/8000-001762-6204\/8000-001762-4204\/8000-001_firmware762-5305\/8000-002750-82xx/xxx-xxx752-8303/8000-0002762-4xxx762-6xxx750-81xx/xxx-xxxFW762-5xxx
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33485
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.72%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:44
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_rtecontrol_runtime_system_toolkithmiembedded_target_visu_toolkitcontrolremote_target_visu_toolkitcontrol_win_sln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30188
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203v2_runtime_system_sp750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32137
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-1.41% / 79.69%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Runtime System prone to heap based buffer overflow

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.

Action-Not Available
Vendor-CODESYS GmbH
Product-runtime_toolkitplcwinntPLCWinNTRuntime Toolkit
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-49675
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.06%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 11:09
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Out-of-bounds write through corrupted project files

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Development System V2.3development_system
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37557
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:06
Updated-09 Oct, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Heap-based Buffer Overflow in multiple products

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5181
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 23:31
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5178
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 23:25
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(‘/etc/config-tools/change_hostname hostname=‘) in length. A hostname value of length 0x3fd will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
Details not found