CVE-2021-21866
https://notcve.org/view.php?id=CVE-2021-21866
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
• https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=
• https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301
• https://talosintelligence.com/vulnerability_reports/TALOS-2021-1303
• CWE-502: Deserialization of Untrusted Data
CVE-2021-21865
https://notcve.org/view.php?id=CVE-2021-21865
An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
• https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=
• https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301
• CWE-502: Deserialization of Untrusted Data
CVE-2021-21864
https://notcve.org/view.php?id=CVE-2021-21864
An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
• https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=
• https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301
• CWE-502: Deserialization of Untrusted Data
CVE-2021-30195
https://notcve.org/view.php?id=CVE-2021-30195
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
• https://customers.codesys.com/index.php
• https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download=
• CWE-125: Out-of-bounds Read
CVE-2021-30188
https://notcve.org/view.php?id=CVE-2021-30188
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
• https://customers.codesys.com/index.php
• https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download=
• CWE-787: Out-of-bounds Write