Control
CVE-2021-36763
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
AnalysisAI
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-552. In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. Affected products include: Codesys Control, Codesys Control Rte, Codesys Control Runtime System Toolkit, Codesys Control Win Sl, Codesys Embedded Target Visu Toolkit. Version information: before 3.5.17.10.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), th
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additio
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today