Codesys Security Vulnerabilities (CVEs)
Track 42 security vulnerabilities affecting Codesys products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Dec 1, 2025: An unauthenticated attacker can execute arbitrary code by tricking a user into opening a malicious CODESYS project file. The code runs with the user's...
Sep 10, 2024: An out-of-bounds read vulnerability in the OSCAT Basic Library used in CODESYS PLC systems allows local unprivileged attackers to read limited interna...
Dec 5, 2023: This vulnerability allows low-privileged remote attackers to execute arbitrary system commands through file system libraries, potentially gaining full...
Aug 3, 2023: This vulnerability in CODESYS Development System allows attackers to execute arbitrary binaries from the current working directory with the user's pri...
Jul 28, 2023: CVE-2023-3670 is a local privilege escalation vulnerability in CODESYS Development System and CODESYS Scripting where insecure directory permissions a...
May 15, 2023: CVE-2022-47387 is a stack-based out-of-bounds write vulnerability in the CmpTraceMgr component of CODESYS industrial automation software. Authenticate...
May 15, 2023: This vulnerability allows authenticated remote attackers to exploit a stack-based out-of-bounds write in the CmpTraceMgr component of CODESYS products...
May 15, 2023: CVE-2022-47391 is an improper input validation vulnerability in multiple CODESYS products that allows unauthorized remote attackers to read from inval...
May 15, 2023: CVE-2022-47379 is an out-of-bounds write vulnerability in multiple CODESYS industrial automation products that allows authenticated remote attackers t...
May 15, 2023: This vulnerability allows authenticated remote attackers to exploit a stack-based out-of-bounds write in multiple CODESYS products, potentially leadin...
May 15, 2023: An authenticated remote attacker can exploit a stack-based out-of-bounds write vulnerability in the CmpTraceMgr component of CODESYS products to cause...
May 15, 2023: An authenticated remote attacker can exploit a stack-based out-of-bounds write vulnerability in the CmpAppForce component of CODESYS products to cause...
Jul 11, 2022: CVE-2022-30792 is a denial-of-service vulnerability in CODESYS V3's CmpChannelServer component that allows unauthorized attackers to consume resources...
Jun 24, 2022: CVE-2022-32142 is an out-of-bounds read/write vulnerability in multiple CODESYS products that allows low-privileged remote attackers to cause denial-o...
Jun 24, 2022: CVE-2022-1965 is an improper error handling vulnerability in multiple CODESYS products that allows low-privilege remote attackers to delete arbitrary ...
Jun 24, 2022: CVE-2022-31802 is an authentication bypass vulnerability in CODESYS Gateway Server V2 where only a portion of the password is validated. Attackers can...
Jun 24, 2022: CVE-2022-31804 is a memory allocation vulnerability in CODESYS Gateway Server V2 where unauthenticated attackers can send oversized requests to cause ...
Jun 24, 2022: CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions before V2.4.7.57 have password protection disabled by default with no prompt to enable it. This al...
Jun 24, 2022: CVE-2022-32137 is a heap-based buffer overflow vulnerability in multiple CODESYS products that allows low-privileged remote attackers to cause denial-...
Apr 7, 2022: CVE-2022-22514 is a memory corruption vulnerability in CODESYS Control runtime systems that allows authenticated remote attackers to cause denial of s...
Apr 7, 2022: The SysDrv3S driver in CODESYS Control runtime system on Windows allows any system user to read and write restricted memory space. This vulnerability ...
Apr 7, 2022: CVE-2022-22519 is a buffer over-read vulnerability in CODESYS Control runtime system webserver that allows remote, unauthenticated attackers to crash ...
Feb 2, 2022: CVE-2022-22510 is a null pointer dereference vulnerability in Codesys Profinet V4.2.0.0 that allows unauthenticated attackers to cause denial of servi...
Dec 1, 2021: CVE-2021-34599 is a certificate validation vulnerability in CODESYS Git versions prior to V1.1.0.0 that allows man-in-the-middle attacks by not verify...
Oct 26, 2021: CVE-2021-34595 is an out-of-bounds read/write vulnerability in CODESYS V2 Runtime Toolkit and PLCWinNT software. Attackers can send crafted requests w...
Oct 26, 2021: CVE-2021-34584 is a buffer over-read vulnerability in the CODESYS V2 web server that allows attackers to read partial stack or heap memory or cause de...
Oct 26, 2021: CVE-2021-34586 is a null pointer dereference vulnerability in the CODESYS V2 web server that allows crafted web requests to cause denial-of-service co...
Aug 25, 2021: This CVE describes an unsafe deserialization vulnerability in CODESYS Development System that allows arbitrary command execution when processing malic...
Aug 18, 2021: This CVE describes an unsafe deserialization vulnerability in CODESYS Development System that allows arbitrary command execution when processing malic...
Aug 5, 2021: This CVE describes an unsafe deserialization vulnerability in CODESYS Development System's Profile.FromFile() function. Attackers can craft malicious ...
Aug 4, 2021: CVE-2021-36764 is a NULL pointer dereference vulnerability in CODESYS Gateway V3 that allows attackers to cause denial-of-service conditions by sendin...
Aug 3, 2021: CVE-2021-33485 is a critical heap-based buffer overflow vulnerability in CODESYS Control Runtime systems. Successful exploitation could allow remote a...
Aug 3, 2021: CVE-2021-36763 is a directory traversal vulnerability in CODESYS V3 web server that allows external attackers to access files or directories they shou...
Aug 2, 2021: CVE-2021-21865 is an unsafe deserialization vulnerability in CODESYS Development System that allows arbitrary command execution when processing m...
May 25, 2021: CVE-2021-30186 is a heap-based buffer overflow vulnerability in CODESYS V2 runtime system SP. This vulnerability allows attackers to execute arbitrary...
May 25, 2021: CVE-2021-30188 is a critical stack-based buffer overflow vulnerability in CODESYS V2 runtime systems. It allows remote attackers to execute arbitrary ...
May 25, 2021: CVE-2021-30190 is an improper access control vulnerability in CODESYS V2 Web-Server that allows unauthenticated attackers to bypass authentication and...
May 25, 2021: CVE-2021-30192 is an improper security check vulnerability in CODESYS V2 Web-Server that allows attackers to bypass authentication and gain unauthoriz...
May 25, 2021: CVE-2021-30194 is an out-of-bounds read vulnerability in CODESYS V2 Web-Server that could allow attackers to read sensitive memory contents or cause d...
May 4, 2021: This vulnerability in CODESYS Development System 3 allows attackers to install malicious packages without validation checks. It affects users of CODES...
May 3, 2021: CVE-2021-29239 is a vulnerability in CODESYS Development System 3 where malicious documents or files embedded in libraries are displayed or executed w...
May 3, 2021: CVE-2021-29242 is an improper input validation vulnerability in CODESYS Control Runtime systems that allows attackers to send crafted packets to manip...
Why Monitor Codesys Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 42+ known vulnerabilities affecting Codesys products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Codesys packages in under 60 seconds. No agents required - completely agentless scanning that works across Codesys deployments.
Free vulnerability database: Access detailed information about every Codesys CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Codesys CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions