Lucene search

[email protected]CVE-2021-29241

HistoryMay 03, 2021 - 2:15 p.m.

CVE-2021-29241

2021-05-0314:15:07

CWE-476

[email protected]

web.nvd.nist.gov

cve-2021-29241

codesys gateway

null pointer dereference

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_slRange3.0–4.0.1.0

codesyscontrol_for_empc-a\/imx6_slRange3.0–4.0.1.0

codesyscontrol_for_iot2000_slRange3.0–4.0.1.0

codesyscontrol_for_linux_slRange3.0–4.0.1.0

codesyscontrol_for_pfc100_slRange3.0–3.5.16.0

codesyscontrol_for_pfc200_slRange3.0–3.5.16.0

codesyscontrol_for_raspberry_pi_slRange3.0–4.0.1.0

codesyscontrol_runtime_system_toolkitRange3.0–3.5.16.70

codesysdevelopment_systemRange3.0–3.5.16.70

codesysedge_gatewayRange3.0–3.5.16.70windows

codesysedge_gatewayRange3.0–4.1.0.0linux

codesysgatewayRange3.0–3.5.16.70

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt4.0.1.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a/imx6 sllt4.0.1.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt4.0.1.0
codesys:control_for_linux_slcodesys control for linux sllt4.0.1.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt3.5.16.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt3.5.16.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt4.0.1.0
codesys:control_runtime_system_toolkitcodesys control runtime system toolkitlt3.5.16.70
codesys:development_systemcodesys development systemlt3.5.16.70
codesys:edge_gatewaycodesys edge gatewaylt3.5.16.70

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	4.0.1.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a/imx6 sl	lt	4.0.1.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	4.0.1.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	4.0.1.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	3.5.16.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	3.5.16.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	4.0.1.0
codesys:control_runtime_system_toolkit	codesys control runtime system toolkit	lt	3.5.16.70
codesys:development_system	codesys development system	lt	3.5.16.70
codesys:edge_gateway	codesys edge gateway	lt	3.5.16.70

Rows per page:

1-10 of 121

References

customers.codesys.com/index.php

customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download=

www.codesys.com/security/security-reports.html

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for CVE-2021-29241

prion1 cvelist1 nvd1 threatpost1 thn1