ICSA-21-173-02
PUBLISHED
CVSS 9.8 CRITICAL
Successful exploitation of these vulnerabilities may allow an attacker to read or write arbitrary memory or files in the CODESYS Control runtime system, cause invalid memory accesses to execute code, or crash the CODESYS web server or CODESYS Control runtime system.
Risk Scores
CVSS v3.1
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CODESYS | CODESYS V2 web server, running stand-alone or as part of the CODESYS runtime system | Prior to Version 1.1.9.20 |
Timeline
- Jun 22, 2021 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-173-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-173-02 advisory
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B url
- https://www.codesys.com/download fix
- https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf fix
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14726&token=553da5d11234bbe1ceed59969d419a71bb8c8747&download= fix