Vulnerability Description
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 750-8214 Firmware | < fw20 |
| Wago | 750-8214 | - |
| Wago | 750-8216 Firmware | < fw20 |
| Wago | 750-8216 | - |
| Wago | 750-8217 Firmware | < fw20 |
| Wago | 750-8217 | - |
| Wago | 750-8213 Firmware | < fw20 |
| Wago | 750-8213 | - |
| Wago | 750-8212 Firmware | < fw20 |
| Wago | 750-8212 | - |
| Wago | 750-8211 Firmware | < fw20 |
| Wago | 750-8211 | - |
| Wago | 750-8210 Firmware | < fw20 |
| Wago | 750-8210 | - |
| Wago | 750-8208 Firmware | < fw20 |
| Wago | 750-8208 | - |
| Wago | 750-8207 Firmware | < fw20 |
| Wago | 750-8207 | - |
| Wago | 750-8206 Firmware | < fw20 |
| Wago | 750-8206 | - |
Related Weaknesses (CWE)
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f (Vendor Advisory)
- https://www.tenable.com/security/research/tra-2021-47 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-34583?
CVE-2021-34583 is a vulnerability with a CVSS score of 7.5 (HIGH). Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
How severe is CVE-2021-34583?
CVE-2021-34583 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-34583?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-8214 Firmware, Wago 750-8214, Wago 750-8216 Firmware, Wago 750-8216, Wago 750-8217 Firmware.