CVE-2021-34583

high-risk

Published 2021-10-26

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

Do I need to act?

0.69% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

750-8214 Firmware

750-8216 Firmware

750-8217 Firmware

750-8213 Firmware

750-8212 Firmware

750-8211 Firmware

750-8210 Firmware

750-8208 Firmware

750-8207 Firmware

750-8206 Firmware

750-8204 Firmware

750-8203 Firmware

750-8202 Firmware

750-893 Firmware

750-891 Firmware

750-890 Firmware

750-889 Firmware

750-885 Firmware

750-882 Firmware

750-881 Firmware

Affected Vendors

Wago Codesys

References (4)

Vendor Advisory https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f...

Exploit https://www.tenable.com/security/research/tra-2021-47

Vendor Advisory https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f...

Exploit https://www.tenable.com/security/research/tra-2021-47

/ 100

high-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 22/34 · High