CVE-2021-33485

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=	Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control::::::beaglebone_sl::*
	cpe:2.3:a:codesys:control::::::empc-a\/imx6_sl::*
	cpe:2.3:a:codesys:control::::::iot2000_sl::*
	cpe:2.3:a:codesys:control::::::linux_sl::*
	cpe:2.3:a:codesys:control::::::pfc100_sl::*
	cpe:2.3:a:codesys:control::::::pfc200_sl::*
	cpe:2.3:a:codesys:control::::::plcnext_sl::*
	cpe:2.3:a:codesys:control::::::raspberry_pi_sl::*
	cpe:2.3:a:codesys:control::::::wago_touch_panels_600_sl::*
	cpe:2.3:a:codesys:control_rte::::::-::*
	cpe:2.3:a:codesys:control_rte::::::beckhoff_cx::*
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:embedded_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:remote_target_visu_toolkit::::::::

History

No history.

Information

Published : 2021-08-03 16:15

Updated : 2024-11-21 06:08

NVD link : CVE-2021-33485

Mitre link : CVE-2021-33485

CVE.ORG link : CVE-2021-33485

JSON object : View

Products Affected

codesys

control_runtime_system_toolkit
control_win_sl
embedded_target_visu_toolkit
control_rte
control
hmi
remote_target_visu_toolkit

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2021-33485", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-08-03T16:15:08.583", "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow."}, {"lang": "es", "value": "CODESYS Control Runtime system versiones anteriores a 3.5.17.10, presenta un Desbordamiento de Buffer en la regi\u00f3n Heap de la memoria"}], "lastModified": "2024-11-21T06:08:55.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:beaglebone_sl:*:*", "vulnerable": true, "matchCriteriaId": "57DD6E2E-9B12-4C30-9CCF-26C5EFCFC0EA", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:empc-a\\/imx6_sl:*:*", "vulnerable": true, "matchCriteriaId": "79E8DFCC-74F7-4B0D-A476-D13CBB32EDEF", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:iot2000_sl:*:*", "vulnerable": true, "matchCriteriaId": "58160302-830A-463B-AE5F-782B01893F40", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:linux_sl:*:*", "vulnerable": true, "matchCriteriaId": "2E740918-B35E-4583-8580-046A7C7F3113", "versionEndIncluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:pfc100_sl:*:*", "vulnerable": true, "matchCriteriaId": "F00E63D5-8CA2-4082-B522-4B0C51772A4C", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:pfc200_sl:*:*", "vulnerable": true, "matchCriteriaId": "6890F3F3-6DF2-4D0C-A431-B3705900E1EB", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:plcnext_sl:*:*", "vulnerable": true, "matchCriteriaId": "7D6CA947-A0F3-4F45-804B-BAD4BD24CBC4", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:raspberry_pi_sl:*:*", "vulnerable": true, "matchCriteriaId": "1545D5A9-739E-4C36-933A-B87A3D593A22", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:wago_touch_panels_600_sl:*:*", "vulnerable": true, "matchCriteriaId": "7D0A2D1F-F297-4D5D-8FB1-1C80297E91A1", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "102C898A-8CA9-4C6E-AAAD-ED947F6DCEA2", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", "vulnerable": true, "matchCriteriaId": "C629084B-E59E-4FA4-A866-7F2FE8C6D26B", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48B1957E-472D-4A21-A8FC-DF2AF0C118F5", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBCFD26C-0262-4D2B-99CA-E7EA0E6B75E3", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B640C5A9-8241-4191-87F6-E31D6902702E", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9116B38E-7B7C-48DB-B742-A8741EB63892", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C86F931B-F172-4B00-B484-48048756655F", "versionEndExcluding": "3.5.17.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}