Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-34584
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-26 Oct, 2021 | 09:55
Updated At-16 Sep, 2024 | 22:25
Rejected At-
▼CVE Numbering Authority (CNA)
CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Affected Products
Vendor
CODESYS GmbHCODESYS
Product
CODESYS V2
Versions
Affected
  • From all web servers before V1.1.9.22 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-126CWE-126 Buffer Over-read
Type: CWE
CWE ID: CWE-126
Description: CWE-126 Buffer Over-read
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

CODESYS GmbH has released version V1.1.9.22 of the CODESYS V2 web server to solve the noted vulnerability issues. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup version V2.3.9.68.

Configurations
Workarounds
Exploits
Credits
This vulnerability was discovered by Tenable Research.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
x_refsource_CONFIRM
https://www.tenable.com/security/research/tra-2021-47
x_refsource_MISC
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.tenable.com/security/research/tra-2021-47
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
x_refsource_CONFIRM
x_transferred
https://www.tenable.com/security/research/tra-2021-47
x_refsource_MISC
x_transferred
Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.tenable.com/security/research/tra-2021-47
Resource:
x_refsource_MISC
x_transferred
Details not found