admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

added 7 CVEs

Browse Source
This commit is contained in:
Jochen Becker 2021-10-26 11:49:04 +02:00
parent 174a9dc2cd
commit d48a882978
7 changed files with 634 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2021/34xxx/CVE-2021-34583.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all web servers",
"version_value": "V1.1.9.22"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Tenable Research."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released version V1.1.9.22 of the CODESYS V2 web server to solve the noted vulnerability issues. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

94
2021/34xxx/CVE-2021-34584.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all web servers",
"version_value": "V1.1.9.22"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Tenable Research."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126 Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released version V1.1.9.22 of the CODESYS V2 web server to solve the noted vulnerability issues. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

94
2021/34xxx/CVE-2021-34585.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all web servers",
"version_value": "V1.1.9.22"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Tenable Research."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released version V1.1.9.22 of the CODESYS V2 web server to solve the noted vulnerability issues. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

94
2021/34xxx/CVE-2021-34586.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all web servers",
"version_value": "V1.1.9.22"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Tenable Research."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released version V1.1.9.22 of the CODESYS V2 web server to solve the noted vulnerability issues. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

102
2021/34xxx/CVE-2021-34593.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2 ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Runtime Toolkit 32 bit full",
"version_value": "V2.4.7.56"
},
{
"version_affected": "<",
"version_name": "PLCWinNT",
"version_value": "V2.4.7.56"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"defect": [
"VDE-2021-049"
],
"discovery": "EXTERNAL"
}
}

99
2021/34xxx/CVE-2021-34595.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2 ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Runtime Toolkit 32 bit full",
"version_value": "V2.4.7.56"
},
{
"version_affected": "<",
"version_name": "PLCWinNT",
"version_value": "V2.4.7.56"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by Chen Jie and Gao Jian of NSFOCUS."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823 Use of Out-of-range Pointer Offset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2021/34xxx/CVE-2021-34596.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
"ID": "CVE-2021-34596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V2 ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Runtime Toolkit 32 bit full",
"version_value": "V2.4.7.56"
},
{
"version_affected": "<",
"version_name": "PLCWinNT",
"version_value": "V2.4.7.56"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by Gao Jian of NSFOCUS."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download="
}
]
},
"solution": [
{
"lang": "eng",
"value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."
}
],
"source": {
"discovery": "EXTERNAL"
}
}