CODESYS — Vulnerabilities & Security Advisories (94)

Browse all 94 CVE security advisories affecting CODESYS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CODESYS serves as a widely adopted software development environment for industrial automation, enabling the creation of control applications for programmable logic controllers (PLCs). Its extensive use in critical infrastructure has made it a significant target for cyberattacks, resulting in 94 recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, buffer overflows, and privilege escalation flaws, often stemming from insecure default configurations or unpatched legacy components. Notable incidents include the exploitation of the CODESYS Control Win32 service, which allowed attackers to execute arbitrary commands with system-level privileges. These vulnerabilities highlight the risks associated with embedded industrial software, particularly when deployed without rigorous security hardening. The high volume of CVEs underscores the necessity for continuous patch management and secure coding practices within the industrial IoT ecosystem to mitigate potential operational disruptions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-1989 | CODESYS Visualization vulnerable to user enumeration | CODESYS Visualization | CWE-204 | 5.3 | Medium | 2022-08-23 |
| CVE-2022-30792 | CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels | CODESYS Control RTE (SL) | CWE-400 | 7.5 | High | 2022-07-11 |
| CVE-2022-30791 | CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections | CODESYS Control RTE (SL) | CWE-400 | 7.5 | High | 2022-07-11 |
| CVE-2022-1794 | Plaintext Storage of a password in CODESYS V3 OPC DA Server | CODESYS OPC DA Server | CWE-256 | 5.5 | Medium | 2022-07-11 |
| CVE-2022-32143 | CODESYS runtime system prone to directory acces | Runtime Toolkit | CWE-552 | 8.8 | High | 2022-06-24 |
| CVE-2022-32142 | CODESYS runtime system prone to denial of service due to use of out of range pointer | Runtime Toolkit | CWE-823 | 8.1 | High | 2022-06-24 |
| CVE-2022-32141 | CODESYS runtime system prone to denial of service due to buffer over read | Runtime Toolkit | CWE-126 | 6.5 | Medium | 2022-06-24 |
| CVE-2022-32140 | CODESYS runtime system prone to denial of service due to buffer copy | Runtime Toolkit | CWE-120 | 6.5 | Medium | 2022-06-24 |
| CVE-2022-32139 | CODESYS runtime system prone to denial of service due to out of bounds read | Runtime Toolkit | CWE-125 | 6.5 | Medium | 2022-06-24 |
| CVE-2022-32138 | CODESYS runtime system prone to denial of service due to Unexpected Sign Extension | Runtime Toolkit | CWE-194 | 8.8 | High | 2022-06-24 |
| CVE-2022-32137 | CODESYS Runtime System prone to heap based buffer overflow | Runtime Toolkit | CWE-122 | 8.8 | High | 2022-06-24 |
| CVE-2022-32136 | Codesys runtime systems: Access of uninitialised pointer lead to denial of service. | Runtime Toolkit | CWE-824 | 6.5 | Medium | 2022-06-24 |
| CVE-2022-31806 | Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT | CODESYS PLCWinNT | CWE-1188 | 9.8 | Critical | 2022-06-24 |
| CVE-2022-31805 | Insecure transmission of credentials | CODESYS Development System | CWE-523 | 7.5 | High | 2022-06-24 |
| CVE-2022-31804 | CODESYS Gateway server prone to denial of service attack due to excessive memory allocation | CODESYS Gateway Server V2 | CWE-789 | 7.5 | High | 2022-06-24 |
| CVE-2022-31803 | CODESYS Gateway Server V2 prone to Denial of Service Attack | CODESYS Gateway Server V2 | CWE-400 | 5.3 | Medium | 2022-06-24 |
| CVE-2022-31802 | Partial string comparison in CODESYS gateway server | CODESYS Gateway Server V2 | CWE-187 | 9.8 | Critical | 2022-06-24 |
| CVE-2022-1965 | CODESYS runtime system prone to file deletion due to improper error handling | Runtime Toolkit | CWE-755 | 8.1 | High | 2022-06-24 |
| CVE-2022-22519 | Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system. | CODESYS Control RTE (SL) | CWE-126 | 7.5 | High | 2022-04-07 |
| CVE-2022-22518 | A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy. | CODESYS Control for BeagleBone SL | CWE-276 | 6.5 | Medium | 2022-04-07 |
| CVE-2022-22517 | Communication Components in multiple CODESYS products vulnerable to communication channel disruption | CODESYS Control RTE (SL) | CWE-334 | 7.5 | High | 2022-04-07 |
| CVE-2022-22516 | CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in restricted memory space. | CODESYS Control RTE (SL) | CWE-732 | 7.8 | High | 2022-04-07 |
| CVE-2022-22515 | A component of the CODESYS Control runtime system allows read and write access to configuration files | CODESYS Control RTE (SL) | CWE-668 | 8.1 | High | 2022-04-07 |
| CVE-2022-22514 | Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS. | CODESYS Control RTE (SL) | CWE-822 | 7.1 | High | 2022-04-07 |
| CVE-2022-22513 | Null Pointer Dereference in multiple CODESYS products can lead to a DoS. | CODESYS Control RTE (SL) | CWE-476 | 6.5 | Medium | 2022-04-07 |
| CVE-2021-34599 | Improper Certificate Validation in CODESYS Git | CODESYS Git | CWE-295 | 7.4 | High | 2021-12-01 |
| CVE-2021-34596 | CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service | CODESYS V2 | CWE-824 | 6.5 | Medium | 2021-10-26 |
| CVE-2021-34595 | CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service | CODESYS V2 | CWE-823 | 8.1 | High | 2021-10-26 |
| CVE-2021-34593 | CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service | CODESYS V2 | CWE-755 | 7.5 | High | 2021-10-26 |
| CVE-2021-34586 | CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS) | CODESYS V2 | CWE-476 | 7.5 | High | 2021-10-26 |

This page lists every published CVE security advisory associated with CODESYS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.