CVE-2021-33485

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 39.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Codesys ControlCodesys Control RTECodesys Control Runtime System Toolkit+4 more
Timeline
PublishedAug 3
Latest updateMay 24

Description

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

NVDcodesys/control< 4.2.0.0+1
NVDcodesys/control_rte< 3.5.17.10
NVDcodesys/control_win_sl< 3.5.17.10
NVDcodesys/hmi< 3.5.17.10

🔴Vulnerability Details

2
GHSA
GHSA-mrr3-f59g-2946: CODESYS Control Runtime system before 32022-05-24
CVEList
CVE-2021-33485: CODESYS Control Runtime system before 32021-08-03
CVE-2021-33485 (CRITICAL CVSS 9.8) | CODESYS Control Runtime system befo | cvebase.io