NULL pointer dereference in CODESYS products - CVE-2021-29241
Published: July 22, 2021
Vulnerability identifier: #VU55243
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-29241
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: CODESYS
Affected software:
CODESYS Gateway V3
CODESYS Edge Gateway for Linux
CODESYS Control V3 Runtime System Toolkit
CODESYS Development System
CODESYS Edge Gateway for Windows
CODESYS Gateway V3
CODESYS Edge Gateway for Linux
CODESYS Control V3 Runtime System Toolkit
CODESYS Development System
CODESYS Edge Gateway for Windows
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the CmpGateway component. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
How to mitigate CVE-2021-29241
Install update from vendor's website.