3 matches found
CVE-2021-21867
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...
CVE-2021-21867
creationtimestamp| type| source ---|---|--- 2021-08-18 18:17:07+00:00| seen| https://t.me/cibsecurity/27530 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...
CVE-2021-21867
CODESYS Development System versions 3.5.16 and 3.5.17 contain an unsafe deserialization vulnerability in ObjectManager.plugin ObjectStream.ProfileByteArray. The ProfileByteArray setter uses BinaryFormatter.Deserialize on untrusted input, enabling a crafted project file to execute arbitrary comman...