CVE-2021-34596 - A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit

CVE-2021-34596

Summary

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download=

Vulnerable Configurations

cpe:2.3:a:codesys:plcwinnt:-:*:*:*:*:*:*:*
cpe:2.3:a:codesys:plcwinnt:-:*:*:*:*:*:*:*
cpe:2.3:a:codesys:plcwinnt:2.4.7.54:*:*:*:*:*:*:*
cpe:2.3:a:codesys:plcwinnt:2.4.7.54:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:-:*:*:*:*:*:x86:*
cpe:2.3:a:codesys:runtime_toolkit:-:*:*:*:*:*:x86:*
cpe:2.3:a:codesys:runtime_toolkit:2.4.7.54:*:*:*:*:*:x86:*
cpe:2.3:a:codesys:runtime_toolkit:2.4.7.54:*:*:*:*:*:x86:*

CVSS

Base:	4.0 (as of 04-11-2021 - 15:29)
Impact:
Exploitability:

CWE

CWE-824

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

Last major update

04-11-2021 - 15:29

Published

26-10-2021 - 10:15

Last modified

04-11-2021 - 15:29