Page 19 of 131 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de deserialización no segura en la funcionalidad ObjectManager.plugin ProfileInformation.ProfileData de CODESYS GmbH CODESYS Development System versiones 3.5.16 y 3.5.17. Un archivo especialmente diseñado puede conllevar a una ejecución arbitraria de comandos. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1303 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de deserialización no segura en la funcionalidad PackageManagement.plugin ExtensionMethods.Clone() de CODESYS GmbH CODESYS Development System versión 3.5.16. Un archivo especialmente diseñado puede conllevar a una ejecución arbitraria de comandos. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de deserialización no segura en la funcionalidad ComponentModel ComponentManager.StartupCultureSettings de CODESYS GmbH CODESYS Development System versiones 3.5.16 y 3.5.17. Un archivo especialmente diseñado puede conllevar a una ejecución arbitraria de comandos. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. CODESYS V2 runtime system versiones anteriores a 2.4.7.55, presenta una Comprobación Inapropiada de la Entrada • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download= • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta un Desbordamiento del Búfer en la región stack de la memoria • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download= • CWE-787: Out-of-bounds Write •