Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-36764

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Aug, 2021 | 13:35
Updated At-04 Aug, 2024 | 01:01
Rejected At-
Credits

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Aug, 2021 | 13:35
Updated At:04 Aug, 2024 | 01:01
Rejected At:
▼CVE Numbering Authority (CNA)

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=
x_refsource_CONFIRM
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=
x_refsource_CONFIRM
x_transferred
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Aug, 2021 | 14:15
Updated At:11 Aug, 2021 | 00:09

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
CODESYS GmbH
codesys
>>gateway>>Versions from 3.0(inclusive) to 3.5.17.10(exclusive)
cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=cve@mitre.org
Broken Link
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=
Source: cve@mitre.org
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

861Records found
CVE-2021-34586
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.69%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-29241
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.34%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 13:17
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slgatewaycontrol_for_linux_sledge_gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-22510
Matching Score-10
Assigner-CERT@VDE
ShareView Details
Matching Score-10
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.36%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:26
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Null Pointer Dereference in CODESYS PROFINET stack

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-profinetn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34593
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.59% / 80.91%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8217_firmware750-8202runtime_toolkit750-8203750-8211750-8212750-8206_firmware750-8202_firmware750-8208_firmware750-8216750-8206750-8207750-8214750-8214_firmware750-8208750-8210_firmware750-8213_firmware750-8204_firmware750-8212_firmwareplcwinnt750-8204750-8210750-8213750-8216_firmware750-8217750-8211_firmware750-8203_firmware750-8207_firmwareCODESYS V2
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-34583
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.67%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33486
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 15:58
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-runtime_toolkitn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-30195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.81%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8175
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 08:04
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: web server vulnerable to DoS

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Virtual Control SLCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Runtime ToolkitCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Remote Target Visu ToolkitCODESYS Control for PFC200 SLCODESYS Embedded Target Visu ToolkitCODESYS Control for Linux ARM SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)control_rte_\(for_beckhoff_cx\)_slruntime_toolkitvirtual_control_sl
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-31804
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Gateway server prone to denial of service attack due to excessive memory allocation

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2024-5000
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 08:54
Updated-01 Aug, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

Action-Not Available
Vendor-CODESYS GmbH
Product-CODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control for Raspberry Pi SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Runtime ToolkitCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control for PFC100 SLCODESYS Control for Linux ARM SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for BeagleBone SLcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_win_\(sl\)control_for_raspberry_pi_slcontrol_for_beaglebone_slruntime_toolkitcontrol_for_linux_arm_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_rte_\(for_beckhoff_cx\)_slhmi_\(sl\)control_rte_\(sl\)control_for_linux_sl
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2022-31803
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 60.30%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Gateway Server V2 prone to Denial of Service Attack

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

Action-Not Available
Vendor-CODESYS GmbH
Product-gatewayCODESYS Gateway Server V2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-30792
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 10:40
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_runtime_system_toolkitcontrol_for_pfc100_slhmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beagleboneremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slembedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_wago_touch_panels_600control_winCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-30791
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 10:40
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_runtime_system_toolkitcontrol_for_pfc100_slhmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beagleboneremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slembedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_wago_touch_panels_600control_winCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22517
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-16 Sep, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Components in multiple CODESYS products vulnerable to communication channel disruption

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_for_beaglebone_slremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slcontrol_for_beckhoff_cx9020embedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_plcnext_slcontrol_for_empc-a\/imx6_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS PLCHandlerCODESYS OPC DA Server SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-334
Small Space of Random Values
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-22519
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.31% / 78.93%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_beaglebone_slremote_target_visu_toolkitcontrol_for_linux_slcontrol_for_pfc200_slcontrol_for_beckhoff_cx9020control_for_iot2000_slcontrol_for_wago_touch_panels_600_slembedded_target_visu_toolkitcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-9009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.71%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 15:34
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000hmicontrol_for_empc-a\/imx6linuxruntime_system_toolkitsafety_sil2control_for_beaglebonecontrol_wincontrol_for_pfc100gatewaysimulation_runtimen/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-9012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.29%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 17:47
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slgatewaycontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slcontrol_runtime_toolkitcontrol_for_linux_sln/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-5105
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.94%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 14:12
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-codesys3S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34585
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 09:55
Updated-15 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Action-Not Available
Vendor-wagoCODESYS GmbH
Product-750-8202750-831750-832_firmware750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-881750-885_firmware750-829750-880750-8210_firmware750-823750-8203_firmware750-8213_firmware750-8214_firmware750-823_firmware750-881_firmware750-8212_firmware750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-891750-8212750-890_firmware750-8206_firmware750-8208_firmwarecodesys750-832750-882750-852750-890750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891_firmwareCODESYS V2
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-30191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-47391
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.42%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:59
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to Improper Input Validation

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control RTE (for Beckhoff CX) SLCODESYS Edge Gateway for WindowsCODESYS Development System V3CODESYS Safety SIL2 PSPCODESYS Control RTE (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control for PLCnext SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS GatewayCODESYS Edge Gateway for LinuxCODESYS Control for BeagleBone SLCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SLCODESYS Control for emPC-A/iMX6 SLCODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control Runtime System ToolkitCODESYS Control Win (SL)CODESYS Control for IOT2000 SLCODESYS Control for Linux SL
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 18:14
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-control_rtecontrol_for_iot2000control_runtime_system_toolkithmicontrol_for_empc-a\/imx6control_for_plcnextcontrol_for_beaglebonecontrol_for_raspberry_picontrol_for_pfc100remote_target_visu_toolkitsimulation_runtimecontrol_for_pfc200embedded_target_visu_toolkitcontrol_for_linuxcontrol_for_wago_touch_panels_600control_winn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13542
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.81%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 18:56
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

Action-Not Available
Vendor-GmbHCODESYS GmbH
Product-control_for_pfc200control_for_raspberry_picontrol_rtecontrol_for_iot2000control_for_empc-a\/imx6linuxruntime_system_toolkitcontrol_for_beaglebonecontrol_wincontrol_for_pfc1003S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-22513
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 66.88%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference in multiple CODESYS products can lead to a DoS.

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemhmi_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_for_beaglebone_slremote_target_visu_toolkitgatewaycontrol_for_linux_sledge_gatewaycontrol_for_pfc200_slcontrol_for_beckhoff_cx9020embedded_target_visu_toolkitcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_plcnext_slcontrol_for_empc-a\/imx6_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Edge Gateway for WindowsCODESYS Edge Gateway for LinuxCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS GatewayCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS HMI (SL)CODESYS Control RTE (SL)CODESYS Remote Target Visu ToolkitCODESYS Embedded Target Visu ToolkitCODESYS Development System V3CODESYS Control for PFC200 SLCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)CODESYS Control for Beckhoff CX9020 SL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36765
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.49%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 13:22
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-ethernetipn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19789
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.32%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 12:43
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-runtime_toolkitsp_realtime_ntplcwinntn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.81%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

Action-Not Available
Vendor-openslpn/a
Product-openslpn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-0203
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.30% / 88.42%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 15:59
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-subversionApache Subversion
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.85%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 01:49
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.

Action-Not Available
Vendor-pingcapn/a
Product-tidbn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-38177
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.22%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.

Action-Not Available
Vendor-SAP SE
Product-commoncryptolibSAP CommonCryptoLib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1752
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.61% / 90.80%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Fedora ProjectThe Apache Software FoundationApple Inc.
Product-ubuntu_linuxfedoradebian_linuxmac_os_xsubversionn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-9240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

Action-Not Available
Vendor-ncmpc_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxncmpcdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-0751
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.80% / 87.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

Action-Not Available
Vendor-libnids_projectn/aFedora Project
Product-libnidsfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-1999-0052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Action-Not Available
Vendor-bsdin/absdiOpenBSDFreeBSD Foundation
Product-bsd_osopenbsdfreebsdn/aopenbsdfreebsdbsd_os
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-0709
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.16%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-27532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.09%
||
7 Day CHG+0.01%
Published-08 Nov, 2024 | 00:00
Updated-19 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.

Action-Not Available
Vendor-n/abytecodealliance
Product-n/awebassembly_micro_runtime
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.55%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.46%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-cephfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-5304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.38% / 86.89%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 19:35
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Action-Not Available
Vendor-libvncserver_projectn/aFedora Project
Product-libvncserverfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-4816
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:44
Updated-07 Aug, 2024 | 04:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdFreeBSD and OpenBSD ftpd service
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.49%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.

Action-Not Available
Vendor-sblim_projectn/a
Product-small_footprint_cim_brokern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.04% / 92.30%
||
7 Day CHG~0.00%
Published-17 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Action-Not Available
Vendor-sqliten/aDebian GNU/Linux
Product-sqlitedebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.14%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-23.09% / 95.71%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Action-Not Available
Vendor-n/aCanonical Ltd.GNU
Product-patchubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.46%
||
7 Day CHG~0.00%
Published-22 Feb, 2018 | 00:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 78.00%
||
7 Day CHG~0.00%
Published-21 Jan, 2018 | 22:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxNetApp, Inc.OpenBSD
Product-ubuntu_linuxclustered_data_ontapdebian_linuxcloud_backupdata_ontapservice_processoropensshdata_ontap_edgestoragegrid_webscalevasa_provideroncommand_unified_managerstoragegridn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.60%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 03:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

Action-Not Available
Vendor-tatsn/aCanonical Ltd.
Product-ubuntu_linuxw3mn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6343
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-31 Dec, 2018 | 22:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

Action-Not Available
Vendor-Facebook
Product-proxygenProxygen
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CVE-2025-8183
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.75%
||
7 Day CHG+0.01%
Published-25 Jul, 2025 | 09:33
Updated-11 Aug, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in µD3TN

NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS

Action-Not Available
Vendor-d3tnD3TN GmbH
Product-ud3tnµD3TN
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 17
  • 18
  • Next
Details not found