CVE-2021-21865
https://notcve.org/view.php?id=CVE-2021-21865
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de deserialización no segura en la funcionalidad PackageManagement.plugin ExtensionMethods.Clone() de CODESYS GmbH CODESYS Development System versión 3.5.16. Un archivo especialmente diseñado puede conllevar a una ejecución arbitraria de comandos. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-21864
https://notcve.org/view.php?id=CVE-2021-21864
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de deserialización no segura en la funcionalidad ComponentModel ComponentManager.StartupCultureSettings de CODESYS GmbH CODESYS Development System versiones 3.5.16 y 3.5.17. Un archivo especialmente diseñado puede conllevar a una ejecución arbitraria de comandos. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-29240
https://notcve.org/view.php?id=CVE-2021-29240
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. El Administrador de Paquetes de CODESYS Development System 3 versiones anteriores a 3.5.17.0, no comprueba la validez de los paquetes antes de la instalación y puede ser usado para instalar paquetes CODESYS con contenido malicioso • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14636&token=1ce7e6e4cbe4651989ede418450d7c82e972bdf2&download= https://www.codesys.com/security/security-reports.html •
CVE-2021-29239
https://notcve.org/view.php?id=CVE-2021-29239
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. CODESYS Development System versiones 3 anteriores a 3.5.17.0, muestra o ejecuta documentos maliciosos o archivos insertados en bibliotecas sin comprobar primero su validez. • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download= https://www.codesys.com/security/security-reports.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2021-29241
https://notcve.org/view.php?id=CVE-2021-29241
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). CODESYS Gateway versiones 3 anteriores a 3.5.16.70 tiene una derivación de puntero NULL que puede resultar en una denegación de servicio (DoS) • https://customers.codesys.com/index.php https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download= https://www.codesys.com/security/security-reports.html • CWE-476: NULL Pointer Dereference •