7.5

CVE-2021-34593

Exploit

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Data is provided by the National Vulnerability Database (NVD)
Wago750-8202 Firmware Version < fw20
   Wago750-8202 Version-
Wago750-8203 Firmware Version < fw20
   Wago750-8203 Version-
Wago750-8204 Firmware Version < fw20
   Wago750-8204 Version-
Wago750-8206 Firmware Version < fw20
   Wago750-8206 Version-
Wago750-8207 Firmware Version < fw20
   Wago750-8207 Version-
Wago750-8208 Firmware Version < fw20
   Wago750-8208 Version-
Wago750-8210 Firmware Version < fw20
   Wago750-8210 Version-
Wago750-8211 Firmware Version < fw20
   Wago750-8211 Version-
Wago750-8212 Firmware Version < fw20
   Wago750-8212 Version-
Wago750-8213 Firmware Version < fw20
   Wago750-8213 Version-
Wago750-8214 Firmware Version < fw20
   Wago750-8214 Version-
Wago750-8216 Firmware Version < fw20
   Wago750-8216 Version-
Wago750-8217 Firmware Version < fw20
   Wago750-8217 Version-
CodesysPlcwinnt Version < 2.4.7.56
CodesysRuntime Toolkit HwPlatformx86 Version < 2.4.7.56
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.6% 0.809
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
info@cert.vde.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://seclists.org/fulldisclosure/2021/Oct/64
Third Party Advisory
Mailing List