CVE-2021-34595

EPSS 0.47%
Published 26.10.2021 10:15:08
Last modified 15.08.2025 20:25:40
Source info@cert.vde.com
Teams watchlist Login
Open Login

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Wago ≫ 750-823 Firmware Version < fw10

Wago ≫ 750-823 Version-

Wago ≫ 750-829 Firmware Version < fw17

Wago ≫ 750-829 Version-

Wago ≫ 750-831 Firmware Version < fw17

Wago ≫ 750-831 Version-

Wago ≫ 750-832 Firmware Version < fw10

Wago ≫ 750-832 Version-

Wago ≫ 750-852 Firmware Version < fw17

Wago ≫ 750-852 Version-

Wago ≫ 750-862 Firmware Version < fw10

Wago ≫ 750-862 Version-

Wago ≫ 750-880 Firmware Version < fw17

Wago ≫ 750-880 Version-

Wago ≫ 750-881 Firmware Version < fw17

Wago ≫ 750-881 Version-

Wago ≫ 750-882 Firmware Version < fw17

Wago ≫ 750-882 Version-

Wago ≫ 750-885 Firmware Version < fw17

Wago ≫ 750-885 Version-

Wago ≫ 750-889 Firmware Version < fw17

Wago ≫ 750-889 Version-

Wago ≫ 750-890 Firmware Version < fw10

Wago ≫ 750-890 Version-

Wago ≫ 750-891 Firmware Version < fw10

Wago ≫ 750-891 Version-

Wago ≫ 750-893 Firmware Version < fw10

Wago ≫ 750-893 Version-

Wago ≫ 750-8202 Firmware Version < fw20

Wago ≫ 750-8202 Version-

Wago ≫ 750-8203 Firmware Version < fw20

Wago ≫ 750-8203 Version-

Wago ≫ 750-8204 Firmware Version < fw20

Wago ≫ 750-8204 Version-

Wago ≫ 750-8206 Firmware Version < fw20

Wago ≫ 750-8206 Version-

Wago ≫ 750-8207 Firmware Version < fw20

Wago ≫ 750-8207 Version-

Wago ≫ 750-8208 Firmware Version < fw20

Wago ≫ 750-8208 Version-

Wago ≫ 750-8210 Firmware Version < fw20

Wago ≫ 750-8210 Version-

Wago ≫ 750-8211 Firmware Version < fw20

Wago ≫ 750-8211 Version-

Wago ≫ 750-8212 Firmware Version < fw20

Wago ≫ 750-8212 Version-

Wago ≫ 750-8213 Firmware Version < fw20

Wago ≫ 750-8213 Version-

Wago ≫ 750-8214 Firmware Version < fw20

Wago ≫ 750-8214 Version-

Wago ≫ 750-8216 Firmware Version < fw20

Wago ≫ 750-8216 Version-

Wago ≫ 750-8217 Firmware Version < fw20

Wago ≫ 750-8217 Version-

Codesys ≫ Codesys Version < 1.1.9.22

Codesys ≫ Plcwinnt Version < 2.4.7.56

Codesys ≫ Runtime Toolkit HwPlatformx86 Version < 2.4.7.56

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.634

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P
info@cert.vde.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-823 Use of Out-of-range Pointer Offset

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34595

EUVD