Skip to main content

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
May 25, 2021 - 12:15 nvd
MEDIUM 5.3

DescriptionNVD

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

AnalysisAI

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. Affected products include: Wago 750-893 Firmware, Wago 750-891 Firmware, Wago 750-890 Firmware, Wago 750-889 Firmware, Wago 750-885 Firmware. Version information: before 2.4.7.55.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2021-34584 CRITICAL POC
9.1 Oct 26

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service con

CVE-2021-34586 HIGH POC
7.5 Oct 26

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the

CVE-2021-34585 HIGH POC
7.5 Oct 26

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Rated high sever

CVE-2021-34583 HIGH POC
7.5 Oct 26

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service cond

CVE-2021-30193 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2021-30192 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Rated critical severity (CVSS 9.8),

CVE-2021-30190 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerabilit

CVE-2021-30189 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulner

CVE-2021-30188 CRITICAL
9.8 May 25

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this

CVE-2021-30194 CRITICAL
9.1 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2021-34595 HIGH
8.1 Oct 26

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32

CVE-2021-34578 HIGH
8.1 Aug 31

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by s

Share

CVE-2021-30187 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy