CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCodesys Control
APPCodesys< 4.2.0.0≤ 4.2.0.0Codesys Control Rte
APPCodesys< 3.5.17.10Codesys Control Runtime System Toolkit
APPCodesys< 3.5.17.10Codesys Control Win Sl
APPCodesys< 3.5.17.10Codesys Embedded Target Visu Toolkit
APPCodesys< 3.5.17.10Codesys Hmi
APPCodesys< 3.5.17.10Codesys Remote Target Visu Toolkit
APPCodesys< 3.5.17.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
Related vulnerabilities
CVE-2020-10245CRITICAL9.8ten sam produkt
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
CVE-2019-18858CRITICAL9.8ten sam produkt
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overf...
CVE-2019-13548CRITICAL9.8ten sam produkt
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or h...
CVE-2018-10612CRITICAL9.8ten sam produkt
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access managem...
CVE-2025-41738HIGH7.5ten sam produkt
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to...