CVE-2021-36763

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download=	Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download=	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control::::::beaglebone_sl::*
	cpe:2.3:a:codesys:control::::::empc-a\/imx6_sl::*
	cpe:2.3:a:codesys:control::::::iot2000_sl::*
	cpe:2.3:a:codesys:control::::::linux_sl::*
	cpe:2.3:a:codesys:control::::::pfc100_sl::*
	cpe:2.3:a:codesys:control::::::pfc200_sl::*
	cpe:2.3:a:codesys:control::::::plcnext_sl::*
	cpe:2.3:a:codesys:control::::::raspberry_pi_sl::*
	cpe:2.3:a:codesys:control::::::wago_touch_panels_600_sl::*
	cpe:2.3:a:codesys:control_rte::::::-::*
	cpe:2.3:a:codesys:control_rte::::::beckhoff_cx::*
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:embedded_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:remote_target_visu_toolkit::::::::

History

No history.

Information

Published : 2021-08-03 16:15

Updated : 2024-11-21 06:14

NVD link : CVE-2021-36763

Mitre link : CVE-2021-36763

CVE.ORG link : CVE-2021-36763

JSON object : View

Products Affected

codesys

control_runtime_system_toolkit
control_win_sl
embedded_target_visu_toolkit
control_rte
control
hmi
remote_target_visu_toolkit

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2021-36763", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-03T16:15:08.657", "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download=", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download=", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties."}, {"lang": "es", "value": "En CODESYS V3 web server versiones anteriores a 3.5.17.10, los archivos o directorios son accesibles para las partes externas"}], "lastModified": "2024-11-21T06:14:02.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:beaglebone_sl:*:*", "vulnerable": true, "matchCriteriaId": "57DD6E2E-9B12-4C30-9CCF-26C5EFCFC0EA", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:empc-a\\/imx6_sl:*:*", "vulnerable": true, "matchCriteriaId": "79E8DFCC-74F7-4B0D-A476-D13CBB32EDEF", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:iot2000_sl:*:*", "vulnerable": true, "matchCriteriaId": "58160302-830A-463B-AE5F-782B01893F40", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:linux_sl:*:*", "vulnerable": true, "matchCriteriaId": "2E740918-B35E-4583-8580-046A7C7F3113", "versionEndIncluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:pfc100_sl:*:*", "vulnerable": true, "matchCriteriaId": "F00E63D5-8CA2-4082-B522-4B0C51772A4C", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:pfc200_sl:*:*", "vulnerable": true, "matchCriteriaId": "6890F3F3-6DF2-4D0C-A431-B3705900E1EB", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:plcnext_sl:*:*", "vulnerable": true, "matchCriteriaId": "7D6CA947-A0F3-4F45-804B-BAD4BD24CBC4", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:raspberry_pi_sl:*:*", "vulnerable": true, "matchCriteriaId": "1545D5A9-739E-4C36-933A-B87A3D593A22", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control:*:*:*:*:*:wago_touch_panels_600_sl:*:*", "vulnerable": true, "matchCriteriaId": "7D0A2D1F-F297-4D5D-8FB1-1C80297E91A1", "versionEndExcluding": "4.2.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "102C898A-8CA9-4C6E-AAAD-ED947F6DCEA2", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", "vulnerable": true, "matchCriteriaId": "C629084B-E59E-4FA4-A866-7F2FE8C6D26B", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48B1957E-472D-4A21-A8FC-DF2AF0C118F5", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBCFD26C-0262-4D2B-99CA-E7EA0E6B75E3", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B640C5A9-8241-4191-87F6-E31D6902702E", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9116B38E-7B7C-48DB-B742-A8741EB63892", "versionEndExcluding": "3.5.17.10"}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C86F931B-F172-4B00-B484-48048756655F", "versionEndExcluding": "3.5.17.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}