Lucene search
+L

9 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-9034

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.01219EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-9035

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.01727EPSS
Exploits1References2
cve
cve
added 2021/08/18 2:35 p.m.63 views

CVE-2021-21868

CVE-2021-21868 affects CODESYS Development System 3.5.16 and 3.5.17. The root cause is an unsafe deserialization in ObjectManager.plugin GetMissingTypesFromAuxStream() that uses BinaryFormatter on untrusted data, enabling arbitrary code execution when a project auxiliary file (MissingTypeInformat...

8.8CVSS7.7AI score0.01607EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2021/08/18 2:34 p.m.30 views

CVE-2021-21867

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...

8.8CVSS8AI score0.01648EPSS
Exploits1References2
nvd
nvd
added 2021/08/05 8:15 p.m.35 views

CVE-2021-21863

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS0.01219EPSS
Exploits0References1
cve
cve
added 2021/08/02 8:33 p.m.70 views

CVE-2021-21865

CVE-2021-21865 affects CODESYS Development System 3.5.16. The vulnerability is in PackageManagement.plugin ExtensionMethods.Clone(), which leverages BinaryFormatter to serialize/deserialize and exposes deserialization of untrusted data, enabling arbitrary command execution on exploitation (as des...

8.8CVSS7.7AI score0.01298EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/08/02 8:33 p.m.40 views

CVE-2021-21864

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...

7.8CVSS8AI score0.01727EPSS
Exploits1References2
talos
talos
added 2021/07/26 12:0 a.m.116 views

CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...

8.8CVSS8AI score0.01298EPSS
Exploits0
ics
ics
added 2021/06/22 12:0 a.m.38 views

CODESYS Control V2 Linux SysFile library

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 Runtime Toolkit Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow the control programmer to call...

5.3CVSS5.9AI score0.00268EPSS
Exploits0References4
Rows per page
Query Builder