CVE-2021-34595

CWE-823 CWE-119 — Buffer Overflow3 documents3 sources

Severity

8.1HIGH

EPSS

0.4%

top 41.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys V2 Codesys Codesys Codesys Plcwinnt +28 more

Timeline

PublishedOct 26

Latest updateMay 24

Description

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages31 packages

▶NVDcodesys/runtime_toolkit< 2.4.7.56

▶NVDcodesys/plcwinnt< 2.4.7.56

▶NVDcodesys/codesys< 1.1.9.22

▶CVEListV5codesys/codesys_v2Runtime Toolkit 32 bit full — V2.4.7.56+1

▶NVDwago/750-823_firmware< fw10

🔴Vulnerability Details

GHSA

GHSA-r36w-qc6c-g892: A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to↗2022-05-24

▶

CVEList

CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service↗2021-10-26

▶