CODESYS — Vulnerabilities & Security Advisories (94)

Browse all 94 CVE security advisories affecting CODESYS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CODESYS serves as a widely adopted software development environment for industrial automation, enabling the creation of control applications for programmable logic controllers (PLCs). Its extensive use in critical infrastructure has made it a significant target for cyberattacks, resulting in 94 recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, buffer overflows, and privilege escalation flaws, often stemming from insecure default configurations or unpatched legacy components. Notable incidents include the exploitation of the CODESYS Control Win32 service, which allowed attackers to execute arbitrary commands with system-level privileges. These vulnerabilities highlight the risks associated with embedded industrial software, particularly when deployed without rigorous security hardening. The high volume of CVEs underscores the necessity for continuous patch management and secure coding practices within the industrial IoT ecosystem to mitigate potential operational disruptions.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-37551 | CODESYS Files or Directories Accessible to External Parties in CmpApp — CODESYS Control for BeagleBone SL | CWE-552 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37550 | CODESYS: Improper Input Validation in CmpApp component — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37549 | CODESYS: Improper Input Validation in CmpApp component — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37548 | CODESYS: Improper Input Validation in CmpApp component — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37547 | CODESYS: Improper Input Validation in CmpApp component — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37546 | CODESYS: Improper Input Validation in CmpApp component — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-37545 | CODESYS: Improper Input Validation in CmpApp component — CODESYS Control for BeagleBone SL | CWE-20 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-3662 | CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries — CODESYS Development System | CWE-427 | 7.3 | High | 2023-08-03 |
| CVE-2023-3663 | CODESYS: Missing integrity check in CODESYS Development System — CODESYS Development System | CWE-940 | 8.8 | High | 2023-08-03 |
| CVE-2023-3670 | Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting — CODESYS Development System | CWE-668 | 7.3 | High | 2023-07-28 |
| CVE-2022-47393 | CODESYS: Multiple products prone to improperly restricted memory operations — CODESYS Control RTE (SL) | CWE-119 | 6.5 | Medium | 2023-05-15 |
| CVE-2022-47392 | CODESYS: Multiple products prone to Improper Input Validation — CODESYS Control RTE (SL) | CWE-20 | 6.5 | Medium | 2023-05-15 |
| CVE-2022-47391 | CODESYS: Multiple products prone to Improper Input Validation — CODESYS Control RTE (SL) | CWE-20 | 7.5 | High | 2023-05-15 |
| CVE-2022-47390 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47389 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47388 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47387 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47386 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47385 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47384 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47383 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47382 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47381 | CODESYS: Multiple products prone to stack based out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47380 | CODESYS: Multiple products prone to out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47379 | CODESYS: Multiple products prone to out-of-bounds write — CODESYS Control RTE (SL) | CWE-787 | 8.8 | High | 2023-05-15 |
| CVE-2022-47378 | CODESYS: Multiple products prone to Improper Input Validation — CODESYS Control RTE (SL) | CWE-20 | 6.5 | Medium | 2023-05-15 |
| CVE-2022-4048 | CODESYS V3 prone to Inadequate Encryption Strength — CODESYS Development System V3 | CWE-326 | 7.7 | High | 2023-05-15 |
| CVE-2022-4224 | CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3 — Control RTE (SL) | CWE-1188 | 8.8 | High | 2023-03-23 |
| CVE-2018-25048 | Codesys Runtime Improper Limitation of a Pathname — Control for BeagleBone | CWE-22 | 8.8 | High | 2023-03-23 |
| CVE-2020-12069 | CODESYS V3 prone to Inadequate Password Hashing — CODESYS V3 containing the CmpUserMgr | CWE-916 | 7.8 | High | 2022-12-26 |

This page lists every published CVE security advisory associated with CODESYS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.