Skip to main content

Development System CVE-2021-29239

HIGH
Insufficient Verification of Data Authenticity (CWE-345)
2021-05-03 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 03, 2021 - 14:15 nvd
HIGH 7.8

DescriptionNVD

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

AnalysisAI

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-345. CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. Affected products include: Codesys Development System. Version information: before 3.5.17.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-21866 HIGH POC
7.8 Aug 02

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality o

CVE-2021-21864 HIGH POC
7.8 Aug 02

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionalit

CVE-2021-29240 HIGH POC
7.8 May 04

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before insta

CVE-2019-9010 CRITICAL
9.8 Aug 15

An issue was discovered in 3S-Smart CODESYS V3 products. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2023-3663 HIGH
8.8 Aug 03

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unau

CVE-2019-9013 HIGH
8.8 Aug 15

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authen

CVE-2022-22515 HIGH
8.1 Apr 07

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vuln

CVE-2022-22516 HIGH
7.8 Apr 07

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write

CVE-2021-21863 HIGH
7.8 Aug 05

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH COD

CVE-2021-21865 HIGH
7.8 Aug 02

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of

CVE-2021-29241 HIGH
7.5 May 03

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). Rated hi

CVE-2022-30792 HIGH
7.5 Jul 11

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized atta

Share

CVE-2021-29239 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy