Codesys
This hub aggregates every CVE we track for Codesys, a product in the ICS/OT/IoT space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 30
- Critical: 12
- High: 14
- In CISA KEV: 0
Severity distribution
- High: 14
- Critical: 12
- Medium: 4
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Codesys.
- CVE-2025-41700: CODESYS Development System - Deserialization of Untrusted Data (score 7.8)
- CVE-2021-34596: CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service (score 6.5)
- CVE-2021-34595: CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service (score 8.1)
- CVE-2021-34586: CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS) (score 7.5)
- CVE-2021-34585: CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS) (score 7.5)
- CVE-2021-34584: CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS) (score 9.1)
- CVE-2021-34583: CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS) (score 7.5)
- CVE-2021-21869: An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted fi... (score 7.8)
- CVE-2021-21868: An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted... (score 7.8)
- CVE-2021-21867: An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially craf... (score 7.8)
- CVE-2021-30195: CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. (score 7.5)
- CVE-2021-30188: CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. (score 9.8)
- CVE-2021-30186: CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. (score 7.5)
- CVE-2021-30194: CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. (score 9.1)
- CVE-2021-30193: CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. (score 9.8)
Product normalization is registry-driven with AI assist and human review.