Lucene search

[email protected]NVD:CVE-2021-34583

HistoryOct 26, 2021 - 10:15 a.m.

CVE-2021-34583

2021-10-2610:15:07

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

crafted requests

buffer overflow

denial of service

codesys v2 web server

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.8%

JSON

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Affected configurations

Nvd

Node

codesyscodesysRange<1.1.9.22

VendorProductVersionCPE
codesyscodesys*cpe:2.3:a:codesys:codesys:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
codesys	codesys	*	cpe:2.3:a:codesys:codesys::::::::

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=

www.tenable.com/security/research/tra-2021-47

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.8%

JSON

Related for NVD:CVE-2021-34583

prion1 cvelist1 cve1