Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Plcwinnt | Codesys | 2.0 (including) | 2.4.7.57 (excluding) |
Runtime_toolkit | Codesys | 2.0 (including) | 2.4.7.57 (excluding) |