CVE-2022-22517

Overview

CODESYS
CODESYS Control RTE (SL)

07 Apr 2022

Published

16 Sep 2024

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.68%

MITRE

KEV

Description

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2021-29239

Overview

Pending

03 May 2021

Published

03 Aug 2024

Updated

CVSS

Pending

EPSS

0.03%

MITRE

KEV

Description

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2021-36763

Overview

Pending

03 Aug 2021

Published

04 Aug 2024

Updated

CVSS

Pending

EPSS

0.23%

MITRE

KEV

Description

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2022-47383

Overview

CODESYS
CODESYS Control RTE (SL)

15 May 2023

Published

05 Mar 2025

Updated

CVSS v3.1

HIGH (8.8)

EPSS

5.42%

MITRE

KEV

Description

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2021-21866

Overview

CODESYS

02 Aug 2021

Published

03 Aug 2024

Updated

CVSS v3.0

HIGH (8.8)

EPSS

0.09%

MITRE

KEV

Description

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2019-9012

Overview

Pending

15 Aug 2019

Published

04 Aug 2024

Updated

CVSS

Pending

EPSS

0.14%

MITRE

KEV

Description

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2023-3669

Overview

CODESYS
CODESYS Development System

03 Aug 2023

Published

27 Feb 2025

Updated

CVSS v3.1

LOW (3.3)

EPSS

0.05%

MITRE

KEV

Description

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2021-21865

Overview

CODESYS

02 Aug 2021

Published

03 Aug 2024

Updated

CVSS v3.0

HIGH (8.8)

EPSS

0.06%

MITRE

KEV

Description

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2021-29241

Overview

Pending

03 May 2021

Published

03 Aug 2024

Updated

CVSS

Pending

EPSS

0.41%

MITRE

KEV

Description

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago

CVE-2022-1989

Overview

CODESYS
CODESYS Visualization

23 Aug 2022

Published

16 Sep 2024

Updated

CVSS v3.1

MEDIUM (5.3)

EPSS

0.24%

MITRE

KEV

Description

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

Statistics

1 Post
2 Interactions

Last activity: 22 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-108
Several CODESYS vulnerabilities in Festo Automation Suite

Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently.
#CVE CVE-2023-3935, CVE-2022-31806, CVE-2021-33485, CVE-2021-30190, CVE-2021-30188, CVE-2020-14517, CVE-2020-14509, CVE-2020-10245, CVE-2019-9010, CVE-2019-18858, CVE-2019-13548, CVE-2018-10612, CVE-2022-47382, CVE-2023-6357, CVE-2023-3663, CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-4224, CVE-2022-4046, CVE-2022-32143, CVE-2022-32138, CVE-2022-32137, CVE-2019-9013, CVE-2019-9008, CVE-2019-13538, CVE-2025-41659, CVE-2022-32142, CVE-2022-22515, CVE-2022-1965, CVE-2021-34595, CVE-2023-49675, CVE-2022-22516, CVE-2021-29240, CVE-2021-29239, CVE-2021-21869, CVE-2021-21868, CVE-2021-21867, CVE-2021-21866, CVE-2021-21865, CVE-2021-21864, CVE-2021-21863, CVE-2020-12069, CVE-2010-5250, CVE-2022-4048, CVE-2025-1468, CVE-2024-8175, CVE-2024-5000, CVE-2022-47391, CVE-2022-31805, CVE-2022-30792, CVE-2022-30791, CVE-2022-22519, CVE-2022-22517, CVE-2021-36765, CVE-2021-36764, CVE-2021-36763, CVE-2021-34593, CVE-2021-33486, CVE-2021-30195, CVE-2021-30186, CVE-2021-29241, CVE-2020-16233, CVE-2020-15806, CVE-2020-14519, CVE-2020-14515, CVE-2020-14513, CVE-2020-12067, CVE-2019-9012, CVE-2019-9009, CVE-2019-5105, CVE-2019-13532, CVE-2018-20026, CVE-2018-20025, CVE-2023-3670, CVE-2023-3662, CVE-2021-29242, CVE-2022-22514, CVE-2020-11023, CVE-2025-0694, CVE-2023-37559, CVE-2023-37558, CVE-2023-37557, CVE-2023-37556, CVE-2023-37555, CVE-2023-37554, CVE-2023-37553, CVE-2023-37552, CVE-2023-37551, CVE-2023-37550, CVE-2023-37549, CVE-2023-37548, CVE-2023-37547, CVE-2023-37546, CVE-2023-37545, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378, CVE-2022-32141, CVE-2022-32140, CVE-2022-32139, CVE-2022-32136, CVE-2022-22513, CVE-2021-34596, CVE-2020-7052, CVE-2020-12068, CVE-2019-19789, CVE-2019-13542, CVE-2018-0739, CVE-2025-41658, CVE-2023-49676, CVE-2022-1989, CVE-2021-30187, CVE-2019-9011, CVE-2017-3735, CVE-2025-2595, CVE-2022-22508, CVE-2023-3669

https://certvde.com/en/advisories/vde-2025-108/

#CSAF https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json

1
1
0
22h ago