CVE-2021-34593 – CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service
https://notcve.org/view.php?id=CVE-2021-34593
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. En CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, las peticiones no válidas diseñadas sin autenticación pueden resultar en varias condiciones de denegación de servicio. Los programas de PLC en ejecución pueden detenerse, puede perderse la memoria, o puede bloquearse el acceso de otros clientes de comunicación al PLC WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 (v03.08.08) suffer from denial of service and user enumeration vulnerabilities. • http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html http://seclists.org/fulldisclosure/2021/Oct/64 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download= • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-33486
https://notcve.org/view.php?id=CVE-2021-33486
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. Todas las versiones de CODESYS V3 Runtime Toolkit para VxWorks a partir de la versión V3.5.8.0 y versiones anteriores V3.5.17.10, presentan un Manejo Inapropiado de Condiciones Excepcionales • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14806&token=637e12e86301b83beac1653bd88da3aa5aa3f51b&download= • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-30195
https://notcve.org/view.php?id=CVE-2021-30195
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. CODESYS V2 runtime system versiones anteriores a 2.4.7.55, presenta una Comprobación Inapropiada de la Entrada • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download= • CWE-125: Out-of-bounds Read •
CVE-2021-30186
https://notcve.org/view.php?id=CVE-2021-30186
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta un Desbordamiento del Búfer en la región Heap de la memoria • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download= • CWE-787: Out-of-bounds Write •
CVE-2021-30187
https://notcve.org/view.php?id=CVE-2021-30187
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta una Neutralización Inapropiada de Elementos Especiales utilizados en un Comando del Sistema Operativo • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14727&token=25159b0fc4355f4c6bc2e074a519a9d0cdb23fbb&download= • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •