#VU55243 NULL pointer dereference in CODESYS products - CVE-2021-29241
Published: July 22, 2021
Vulnerability identifier: #VU55243
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-29241
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CODESYS Gateway V3
CODESYS Edge Gateway for Linux
CODESYS Control V3 Runtime System Toolkit
CODESYS Development System
CODESYS Edge Gateway for Windows
Software vendor:
CODESYS
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the CmpGateway component. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.