Sergey Fedonin

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 Web-Server versions prior to 1.1.9.20 **Description** The issue is caused by a buffer overflow in the dynamic memory of the CODESYS V2.3 web server, which is part of the CODESYS industrial automation software complex. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is described as a stack-based buffer overflow. **Recommendations** For versions prior to 1.1.9.20, update to version 1.1.9.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 runtime system SP versions prior to 2.4.7.55 **Description** The issue arises from the improper neutralization of special elements used in an OS command, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 2.4.7.55, update to version 2.4.7.55 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 Web-Server versions prior to 1.1.9.20 **Description** The issue is related to an out-of-bounds read in the CODESYS V2 Web-Server component of the CODESYS industrial automation software suite. This can be exploited by a remote attacker to disclose protected information and cause a denial of service. **Recommendations** For versions prior to 1.1.9.20, update to version 1.1.9.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 runtime system versions prior to 2.4.7.55 **Description** The issue exists due to the reading of data beyond the boundaries of a specified buffer in the CODESYS Control V2 Linux SysFile library of the CODESYS industrial automation software complex. Exploitation of this issue may allow a remote attacker to cause a denial of service. The problem is caused by improper input validation. **Recommendations** For versions prior to 2.4.7.55, update to version 2.4.7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 runtime system SP versions prior to 2.4.7.55 **Description** The issue is a Heap-based Buffer Overflow in the CODESYS V2 runtime system SP. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.4.7.55, update to version 2.4.7.55 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 runtime system SP versions prior to 2.4.7.55 **Description** The issue is a stack-based buffer overflow in the CODESYS V2 runtime system SP. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 2.4.7.55, update to version 2.4.7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.