Wago: >> 750-8202 Firmware Security Vulnerabilities
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-10-26
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVSS Score
7.5
EPSS Score
0.038
Published
2021-10-26
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
CVSS Score
9.1
EPSS Score
0.006
Published
2021-10-26
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-10-26
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.033
Published
2021-10-26
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-05-25
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-05-25