Vulnerability Description
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wago | 750-823 Firmware | < fw10 |
| Wago | 750-823 | - |
| Wago | 750-829 Firmware | < fw17 |
| Wago | 750-829 | - |
| Wago | 750-831 Firmware | < fw17 |
| Wago | 750-831 | - |
| Wago | 750-832 Firmware | < fw10 |
| Wago | 750-832 | - |
| Wago | 750-852 Firmware | < fw17 |
| Wago | 750-852 | - |
| Wago | 750-862 Firmware | < fw10 |
| Wago | 750-862 | - |
| Wago | 750-880 Firmware | < fw17 |
| Wago | 750-880 | - |
| Wago | 750-881 Firmware | < fw17 |
| Wago | 750-881 | - |
| Wago | 750-882 Firmware | < fw17 |
| Wago | 750-882 | - |
| Wago | 750-885 Firmware | < fw17 |
| Wago | 750-885 | - |
Related Weaknesses (CWE)
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937fVendor Advisory
- https://www.tenable.com/security/research/tra-2021-47ExploitThird Party Advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937fVendor Advisory
- https://www.tenable.com/security/research/tra-2021-47ExploitThird Party Advisory
FAQ
What is CVE-2021-34586?
CVE-2021-34586 is a vulnerability with a CVSS score of 7.5 (HIGH). In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
How severe is CVE-2021-34586?
CVE-2021-34586 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34586?
Check the references section above for vendor advisories and patch information. Affected products include: Wago 750-823 Firmware, Wago 750-823, Wago 750-829 Firmware, Wago 750-829, Wago 750-831 Firmware.