Vulnerability CVE-2021-34595

Vulnerability CVE-2021-34595

Published: 2021-10-26

Description:

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Type:

CWE-823

(Use of Out-of-range Pointer Offset)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.5/10	4.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	Partial

Affected software
Codesys -> Plcwinnt
Codesys -> Runtime toolkit

References:

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download

=

Copyright 2024, cxsecurity.com