750 893 Firmware
CVE-2021-30191
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
AnalysisAI
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. Affected products include: Wago 750-893 Firmware, Wago 750-891 Firmware, Wago 750-890 Firmware, Wago 750-889 Firmware, Wago 750-885 Firmware. Version information: before 1.1.9.20.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
More in 750 893 Firmware
View allCrafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service con
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Rated high sever
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service cond
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Rated critical severity (CVSS 9.8),
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerabilit
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulner
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. Rated critical severity (CVSS 9.1), this vulnerability
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by s
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today