The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.
The Notification Center of the CODESYS Development System receives messages without ensuring that the message was not modified during transmission. This finally enables MITMs code execution when the user clicks the "Learn More" button.
The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.
CODESYS Control V3 runtime systems are affected by several security vulnerabilities in the communication server implementations for the CODESYS protocol. These may be exploited by authenticated attackers.
Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework.
A vulnerability allows Bluetooth LE pairing traffic to be sniffed and used to bypass authentication for pairing.
FactoryViews bundles many third-party applications which are used in background processes to provide the software's features. From time to time, vulnerabilities in these bundled applications are discovered. These are typically fixed in newer versions of FactoryViews by updating the bundled applications.
FactoryViews versions up to and including 1.5.2 contain around 200 such vulnerabilities listed in this advisory.
Version 1.6.0 is a security rollup release which includes updates to all bundled applications and fixes these vulnerabilities.
At this time, FactoryViews Lite cannot be updated beyond version 1.1.
FactoryViews 1.7 will unify non-Lite and Lite versions and fix these vulnerabilities for users of FactoryViews Lite.