Skip to main content

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 25, 2021 - 13:15 nvd
CRITICAL 9.8

DescriptionNVD

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

AnalysisAI

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. Affected products include: Wago 750-893 Firmware, Wago 750-891 Firmware, Wago 750-890 Firmware, Wago 750-889 Firmware, Wago 750-885 Firmware. Version information: before 1.1.9.20.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2021-34584 CRITICAL POC
9.1 Oct 26

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service con

CVE-2021-34586 HIGH POC
7.5 Oct 26

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the

CVE-2021-34585 HIGH POC
7.5 Oct 26

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Rated high sever

CVE-2021-34583 HIGH POC
7.5 Oct 26

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service cond

CVE-2021-30192 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Rated critical severity (CVSS 9.8),

CVE-2021-30190 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerabilit

CVE-2021-30189 CRITICAL
9.8 May 25

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulner

CVE-2021-30188 CRITICAL
9.8 May 25

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. Rated critical severity (CVSS 9.8), this

CVE-2021-30194 CRITICAL
9.1 May 25

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. Rated critical severity (CVSS 9.1), this vulnerability

CVE-2021-34595 HIGH
8.1 Oct 26

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32

CVE-2021-34578 HIGH
8.1 Aug 31

This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by s

CVE-2023-1150 HIGH
7.5 Jun 26

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS

Share

CVE-2021-30193 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy