CVE-2021-34585 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-34585 PUBLISHED CVSS 7.5 HIGH

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

EPSS 0.47% · 64.3th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.47%

64.3th percentile

Affected Products

Vendor	Product	Versions
wago	750-829_firmware	0
wago	750-8216_firmware	0
wago	750-890_firmware	0
wago	750-8217_firmware	0
wago	750-8204_firmware	0
wago	750-893_firmware	0
wago	750-852_firmware	0
wago	750-8208_firmware	0
wago	750-862_firmware	0
wago	750-831_firmware	0
wago	750-8203_firmware	0
wago	750-8213_firmware	0
wago	750-8202_firmware	0
wago	750-8206_firmware	0
wago	750-8212_firmware	0
wago	750-885_firmware	0
CODESYS	CODESYS V2	all web servers
wago	750-880_firmware	0
wago	750-881_firmware	0
wago	750-8214_firmware	0

…and 9 more

Timeline

Oct 26, 2021 CVE Published
Oct 27, 2021 EPSS Score
Dec 21, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 11, 2022 EPSS Score
Jun 6, 2022 EPSS Score
Aug 1, 2022 EPSS Score
Sep 26, 2022 EPSS Score
Nov 20, 2022 EPSS Score
Jan 15, 2023 EPSS Score

References

Open in Interactive Console →