Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-30192 (GCVE-0-2021-30192)
Vulnerability from cvelistv5 – Published: 2021-05-25 12:09 – Updated: 2024-08-03 22:24
VLAI?
EPSS
Summary
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-25T12:09:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30192",
"datePublished": "2021-05-25T12:09:28.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-30192\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-25T13:15:17.837\",\"lastModified\":\"2025-08-15T20:27:29.643\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.\"},{\"lang\":\"es\",\"value\":\"CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Comprobaci\u00f3n de Seguridad Implementada Inapropiadamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"2FCDEBB8-1A23-470E-858E-113E382EF5C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4795D0-B90B-4643-8713-88D89172D1A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"412C2148-01BA-4EB5-9843-B88EF40FC49E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BAABD9-A10D-4904-AA02-C37C4490B47A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"FD51A1B9-5BD7-4458-BE90-18D1666B807E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11751A8B-FCFD-433B-9065-B4FC85168A93\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"6C253BB7-B264-4FD3-8691-E11806C6E126\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57919AAB-2962-4543-810A-C143300351F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"21A7AD4D-EF15-4A2F-A5DB-69390238A4B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7712F56E-AEBA-4DE0-9172-26F3D29B369B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"B26C1E90-3A58-441E-B2F6-56FF9A4807CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1379D65-F376-4618-B708-5E59D64C8033\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"A1E9B30D-158F-4A96-904A-21A6B4E693FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE51647-62C1-4D3C-91FA-13ACA6CD71D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw16\",\"matchCriteriaId\":\"BFD07A69-6741-446B-8D02-4F9BACDDD973\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFEAC4D9-15CF-44B8-844D-C012AA4637A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"E7DB181E-1417-4B82-9A50-59E82F9968AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA04FBFB-9E1C-4618-9FDC-70675506D8D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"EA876F0F-AA09-4972-B6D8-C1625E742ED9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D6739E1-EF0B-48EE-90FC-5708756FC362\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"1199B32D-F6F2-473A-83F0-3E53735F7072\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D1FA8D-C8BA-4D1C-8372-DECD40177631\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"4D8D785A-E80C-42CA-8070-C50914A7442E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0631884-FF6F-4AA9-9D76-CDECB5A738FC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"8D510EFD-2F2E-42A9-BD92-B200CB22267A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"03675DC5-0563-4742-90F1-85CCE629157E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23B02096-81A5-4823-94F3-D87F389397DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"E8178F4C-BD4B-4E22-95F9-5264FD29E557\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC428EC8-532A-4825-BCE3-C42A4BC01C68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"9FC5F373-F17C-441A-AB86-F22D624E744E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF14BE1-1EB5-423B-9FE7-E401AEF92553\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"6C723A05-DC44-4F43-BEC2-EAD27E68804B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E17ECC4-D7AE-485C-A2EF-4148817F9DB8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"40789CA2-C91E-4510-A759-51C01A86C3F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA98A0D9-B050-430B-96C5-15932438FD3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"EDE72D10-8E25-4939-9255-23E8FED88449\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C86098FC-E63E-4676-8BA1-ADCA30795558\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"6ED56607-5CA6-47F5-8C2A-AEF69CB4A9F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E11758B-46C3-4E57-943A-C9C073AE5211\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"D0E03C56-1319-4EE2-BF99-A4BA861D8381\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD6B267-3E4B-4597-82A6-130D6F21C728\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"2343C5B1-4905-405B-ACD7-375C31FC6C9A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20BBC380-0F6E-4400-93AF-5B6CFEF00562\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"E486580C-8400-4235-A617-8DBF4F65F31D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4969E8EB-EF09-47B9-8F03-37BB87CFD048\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"3DE5D039-B7BA-4876-9B3B-B41CCA778A98\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979A8E43-4285-4A7B-BB0B-E6888117862C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"5F2AA067-9AA9-4D52-B609-C77CAD71CD33\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B854F74-173E-4523-BBA7-8FF7A9B9880E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"A8032A39-1795-4AB0-9822-8A16EFFD1AE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B23CD8FD-FC7A-4E24-BF8F-648478D82645\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:v2_web_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.9.20\",\"matchCriteriaId\":\"0C1A7238-78B6-4521-92ED-B5761E68402E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"0E02A0AE-7B50-4918-95DB-61598A7DA57F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB88572A-CB05-4B52-8BFC-05EFDC819244\"}]}]}],\"references\":[{\"url\":\"https://customers.codesys.com/index.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download=\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
ICSA-21-173-02
Vulnerability from csaf_cisa - Published: 2021-06-22 00:00 - Updated: 2021-06-22 00:00Summary
CODESYS V2 web server
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may allow an attacker to read or write arbitrary memory or files in the CODESYS Control runtime system, cause invalid memory accesses to execute code, or crash the CODESYS web server or CODESYS Control runtime system.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Mitigation
CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66
Mitigation
Please visit the CODESYS update area for more information on how to obtain the software updates.
https://www.codesys.com/download
Mitigation
Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.
Mitigation
Use firewalls to protect and separate the control system network from other networks.
Mitigation
Use VPN (virtual private network) tunnels if remote access is required.
Mitigation
Activate and apply user management and password features.
Mitigation
Use encrypted communication links.
Mitigation
Limit access to both development and control system by physical means, operating system features, etc.
Mitigation
Protect both development and control system operations by using up to date virus detecting solutions.
Mitigation
For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.
https://customers.codesys.com/fileadmin/data/cust…
Mitigation
Please see CODESYS Advisory 2021-07 for more information.
https://customers.codesys.com/index.php?eID=dumpF…
9.8 (Critical)
Mitigation
CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66
Mitigation
Please visit the CODESYS update area for more information on how to obtain the software updates.
https://www.codesys.com/download
Mitigation
Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.
Mitigation
Use firewalls to protect and separate the control system network from other networks.
Mitigation
Use VPN (virtual private network) tunnels if remote access is required.
Mitigation
Activate and apply user management and password features.
Mitigation
Use encrypted communication links.
Mitigation
Limit access to both development and control system by physical means, operating system features, etc.
Mitigation
Protect both development and control system operations by using up to date virus detecting solutions.
Mitigation
For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.
https://customers.codesys.com/fileadmin/data/cust…
Mitigation
Please see CODESYS Advisory 2021-07 for more information.
https://customers.codesys.com/index.php?eID=dumpF…
7.5 (High)
Mitigation
CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66
Mitigation
Please visit the CODESYS update area for more information on how to obtain the software updates.
https://www.codesys.com/download
Mitigation
Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.
Mitigation
Use firewalls to protect and separate the control system network from other networks.
Mitigation
Use VPN (virtual private network) tunnels if remote access is required.
Mitigation
Activate and apply user management and password features.
Mitigation
Use encrypted communication links.
Mitigation
Limit access to both development and control system by physical means, operating system features, etc.
Mitigation
Protect both development and control system operations by using up to date virus detecting solutions.
Mitigation
For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.
https://customers.codesys.com/fileadmin/data/cust…
Mitigation
Please see CODESYS Advisory 2021-07 for more information.
https://customers.codesys.com/index.php?eID=dumpF…
9.8 (Critical)
Mitigation
CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66
Mitigation
Please visit the CODESYS update area for more information on how to obtain the software updates.
https://www.codesys.com/download
Mitigation
Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.
Mitigation
Use firewalls to protect and separate the control system network from other networks.
Mitigation
Use VPN (virtual private network) tunnels if remote access is required.
Mitigation
Activate and apply user management and password features.
Mitigation
Use encrypted communication links.
Mitigation
Limit access to both development and control system by physical means, operating system features, etc.
Mitigation
Protect both development and control system operations by using up to date virus detecting solutions.
Mitigation
For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.
https://customers.codesys.com/fileadmin/data/cust…
Mitigation
Please see CODESYS Advisory 2021-07 for more information.
https://customers.codesys.com/index.php?eID=dumpF…
9.8 (Critical)
Mitigation
CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66
Mitigation
Please visit the CODESYS update area for more information on how to obtain the software updates.
https://www.codesys.com/download
Mitigation
Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.
Mitigation
Use firewalls to protect and separate the control system network from other networks.
Mitigation
Use VPN (virtual private network) tunnels if remote access is required.
Mitigation
Activate and apply user management and password features.
Mitigation
Use encrypted communication links.
Mitigation
Limit access to both development and control system by physical means, operating system features, etc.
Mitigation
Protect both development and control system operations by using up to date virus detecting solutions.
Mitigation
For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.
https://customers.codesys.com/fileadmin/data/cust…
Mitigation
Please see CODESYS Advisory 2021-07 for more information.
https://customers.codesys.com/index.php?eID=dumpF…
9.1 (Critical)
Mitigation
CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66
Mitigation
Please visit the CODESYS update area for more information on how to obtain the software updates.
https://www.codesys.com/download
Mitigation
Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.
Mitigation
Use firewalls to protect and separate the control system network from other networks.
Mitigation
Use VPN (virtual private network) tunnels if remote access is required.
Mitigation
Activate and apply user management and password features.
Mitigation
Use encrypted communication links.
Mitigation
Limit access to both development and control system by physical means, operating system features, etc.
Mitigation
Protect both development and control system operations by using up to date virus detecting solutions.
Mitigation
For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.
https://customers.codesys.com/fileadmin/data/cust…
Mitigation
Please see CODESYS Advisory 2021-07 for more information.
https://customers.codesys.com/index.php?eID=dumpF…
References
Acknowledgments
Positive Technologies
Vyacheslav Moskvin
Sergey Fedonin
Anton Dorfman
{
"document": {
"acknowledgments": [
{
"names": [
"Vyacheslav Moskvin",
"Sergey Fedonin",
"Anton Dorfman"
],
"organization": "Positive Technologies",
"summary": "reporting these vulnerabilities to CODESYS"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow an attacker to read or write arbitrary memory or files in the CODESYS Control runtime system, cause invalid memory accesses to execute code, or crash the CODESYS web server or CODESYS Control runtime system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-173-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-173-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-173-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-173-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "CODESYS V2 web server",
"tracking": {
"current_release_date": "2021-06-22T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-173-02",
"initial_release_date": "2021-06-22T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-06-22T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-173-02 CODESYS V2 web server"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.1.9.20",
"product": {
"name": "CODESYS reports all CODESYS V2 web servers running stand-alone or as part of the CODESYS runtime system: prior to Version 1.1.9.20 are affected",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "CODESYS reports all CODESYS V2 web servers running stand-alone or as part of the CODESYS runtime system"
}
],
"category": "vendor",
"name": "CODESYS, GmbH"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30189",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Crafted web server requests may cause a stack-based buffer overflow. This could allow an attacker to execute arbitrary code on the CODESYS web server or trigger a denial-of-service condition due to a crash in the CODESYS web server.CVE-2021-30189 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30189"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please visit the CODESYS update area for more information on how to obtain the software updates.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.codesys.com/download"
},
{
"category": "mitigation",
"details": "Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use firewalls to protect and separate the control system network from other networks.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use VPN (virtual private network) tunnels if remote access is required.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Activate and apply user management and password features.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use encrypted communication links.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Limit access to both development and control system by physical means, operating system features, etc.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Protect both development and control system operations by using up to date virus detecting solutions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf"
},
{
"category": "mitigation",
"details": "Please see CODESYS Advisory 2021-07 for more information.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-30190",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "The user management of the CODESYS v2.3 WebVisu allows user dependent control of access to the visualization pages. However, subordinate requests to read or write values are forwarded to the CODESYS Control runtime system regardless of successful authentication. This enables crafted web server requests to bypass user management and read or write values on the PLC without authentication.CVE-2021-30190 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30190"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please visit the CODESYS update area for more information on how to obtain the software updates.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.codesys.com/download"
},
{
"category": "mitigation",
"details": "Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use firewalls to protect and separate the control system network from other networks.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use VPN (virtual private network) tunnels if remote access is required.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Activate and apply user management and password features.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use encrypted communication links.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Limit access to both development and control system by physical means, operating system features, etc.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Protect both development and control system operations by using up to date virus detecting solutions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf"
},
{
"category": "mitigation",
"details": "Please see CODESYS Advisory 2021-07 for more information.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-30191",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Crafted web server requests can cause an over-read or over-write of a buffer in the CODESYS web server, which typically leads to a denial-of-service condition.CVE-2021-30191 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30191"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please visit the CODESYS update area for more information on how to obtain the software updates.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.codesys.com/download"
},
{
"category": "mitigation",
"details": "Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use firewalls to protect and separate the control system network from other networks.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use VPN (virtual private network) tunnels if remote access is required.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Activate and apply user management and password features.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use encrypted communication links.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Limit access to both development and control system by physical means, operating system features, etc.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Protect both development and control system operations by using up to date virus detecting solutions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf"
},
{
"category": "mitigation",
"details": "Please see CODESYS Advisory 2021-07 for more information.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-30192",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"notes": [
{
"category": "summary",
"text": "Crafted web server requests can bypass the security checks for boot project-related files on the CODESYS Control runtime system and be uploaded from the CODESYS Control runtime system.CVE-2021-30192 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30192"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please visit the CODESYS update area for more information on how to obtain the software updates.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.codesys.com/download"
},
{
"category": "mitigation",
"details": "Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use firewalls to protect and separate the control system network from other networks.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use VPN (virtual private network) tunnels if remote access is required.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Activate and apply user management and password features.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use encrypted communication links.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Limit access to both development and control system by physical means, operating system features, etc.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Protect both development and control system operations by using up to date virus detecting solutions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf"
},
{
"category": "mitigation",
"details": "Please see CODESYS Advisory 2021-07 for more information.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-30193",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Crafted web server requests can be utilized to write arbitrary memory in the CODESYS Control runtime system. This could allow an attacker to execute code on the CODESYS Control runtime system or cause a denial-of-service condition due to a crash of the CODESYS Control runtime system.CVE-2021-30193 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30193"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please visit the CODESYS update area for more information on how to obtain the software updates.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.codesys.com/download"
},
{
"category": "mitigation",
"details": "Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use firewalls to protect and separate the control system network from other networks.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use VPN (virtual private network) tunnels if remote access is required.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Activate and apply user management and password features.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use encrypted communication links.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Limit access to both development and control system by physical means, operating system features, etc.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Protect both development and control system operations by using up to date virus detecting solutions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf"
},
{
"category": "mitigation",
"details": "Please see CODESYS Advisory 2021-07 for more information.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-30194",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Crafted web server requests can be utilized to read arbitrary memory in the CODESYS Control runtime system or crash the CODESYS web server.CVE-2021-30194 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30194"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "CODESYS GmbH has released Version 1.1.9.20 of the CODESYS V2 web server to address these vulnerabilities. This version of the CODESYS V2 web server is also part of the CODESYS Development System setup Version 2.3.9.66",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Please visit the CODESYS update area for more information on how to obtain the software updates.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.codesys.com/download"
},
{
"category": "mitigation",
"details": "Use controllers and devices only in a protected environment to minimize network exposure, ensuring they are not accessible from outside.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use firewalls to protect and separate the control system network from other networks.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use VPN (virtual private network) tunnels if remote access is required.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Activate and apply user management and password features.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use encrypted communication links.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Limit access to both development and control system by physical means, operating system features, etc.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Protect both development and control system operations by using up to date virus detecting solutions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf"
},
{
"category": "mitigation",
"details": "Please see CODESYS Advisory 2021-07 for more information.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
VAR-202105-0852
Vulnerability from variot - Updated: 2025-08-16 22:21CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. CODESYS V2 Web-Server Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-8204",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-881",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-891",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8216",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-862",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8206",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8211",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8217",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8212",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-882",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-889",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-880",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw16"
},
{
"model": "750-829",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "v2 web server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "1.1.9.20"
},
{
"model": "750-832",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-885",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-852",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-8214",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-823",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-893",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8202",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-831",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-8210",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8213",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8207",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-890",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8208",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8203",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "codesys v2 web server",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys v2 web server",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": "1.1.9.20"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vyacheslav Moskvin, Sergey Fedonin, and Anton Dorfman of Positive Technologies reported these vulnerabilities to CODESYS.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
}
],
"trust": 0.6
},
"cve": "CVE-2021-30192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-30192",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-30192",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30192",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30192",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-30192",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1621",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
},
{
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. CODESYS V2 Web-Server Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30192"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30192",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-173-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU97061687",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007155",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062306",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2215",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1621",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
},
{
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"id": "VAR-202105-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38665413157894735
},
"last_update_date": "2025-08-16T22:21:47.324000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-07",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97061687/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30192"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-173-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062306"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2215"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
},
{
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
},
{
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1621"
},
{
"date": "2021-05-25T13:15:17.837000",
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-03T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-007155"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1621"
},
{
"date": "2025-08-15T20:27:29.643000",
"db": "NVD",
"id": "CVE-2021-30192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0V2\u00a0Web-Server\u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007155"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1621"
}
],
"trust": 1.2
}
}
GSD-2021-30192
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-30192",
"description": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.",
"id": "GSD-2021-30192"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-30192"
],
"details": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.",
"id": "GSD-2021-30192",
"modified": "2023-12-13T01:23:31.914638Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:codesys:v2_web_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.9.20",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30192"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download=",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-05-27T01:22Z",
"publishedDate": "2021-05-25T13:15Z"
}
}
}
BDU:2021-03150
Vulnerability from fstec - Published: 25.05.2021
VLAI Severity ?
Title
Уязвимость программного комплекса промышленной автоматизации CODESYS, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость компонента CODESYS V2.3 web server программного комплекса промышленной автоматизации CODESYS связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity ?
Vendor
CODESYS GmbH
Software Name
CoDeSys
Software Version
до 1.1.9.20 (CoDeSys)
Possible Mitigations
Обновление программного комплекса промышленной автоматизации CODESYS до более новой версии.
Reference
https://xakep.ru/2021/06/04/codesys-flaws/
https://nvd.nist.gov/vuln/detail/CVE-2021-30192
CWE
CWE-863
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "CODESYS GmbH",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.1.9.20 (CoDeSys)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 CODESYS \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.05.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.06.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03150",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-30192",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "CoDeSys",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 CODESYS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 CODESYS V2.3 web server \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 CODESYS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://xakep.ru/2021/06/04/codesys-flaws/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30192",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-863",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2021-30192
Vulnerability from fkie_nvd - Published: 2021-05-25 13:15 - Updated: 2025-08-15 20:27
Severity ?
Summary
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14726&token=553da5d11234bbe1ceed59969d419a71bb8c8747&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14726&token=553da5d11234bbe1ceed59969d419a71bb8c8747&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-893_firmware | * | |
| wago | 750-893 | - | |
| wago | 750-891_firmware | * | |
| wago | 750-891 | - | |
| wago | 750-890_firmware | * | |
| wago | 750-890 | - | |
| wago | 750-889_firmware | * | |
| wago | 750-889 | - | |
| wago | 750-885_firmware | * | |
| wago | 750-885 | - | |
| wago | 750-882_firmware | * | |
| wago | 750-882 | - | |
| wago | 750-881_firmware | * | |
| wago | 750-881 | - | |
| wago | 750-880_firmware | * | |
| wago | 750-880 | - | |
| wago | 750-862_firmware | * | |
| wago | 750-862 | - | |
| wago | 750-852_firmware | * | |
| wago | 750-852 | - | |
| wago | 750-832_firmware | * | |
| wago | 750-832 | - | |
| wago | 750-831_firmware | * | |
| wago | 750-831 | - | |
| wago | 750-829_firmware | * | |
| wago | 750-829 | - | |
| wago | 750-8202_firmware | * | |
| wago | 750-8202 | - | |
| wago | 750-8203_firmware | * | |
| wago | 750-8203 | - | |
| wago | 750-8204_firmware | * | |
| wago | 750-8204 | - | |
| wago | 750-8206_firmware | * | |
| wago | 750-8206 | - | |
| wago | 750-8207_firmware | * | |
| wago | 750-8207 | - | |
| wago | 750-8208_firmware | * | |
| wago | 750-8208 | - | |
| wago | 750-8210_firmware | * | |
| wago | 750-8210 | - | |
| wago | 750-8211_firmware | * | |
| wago | 750-8211 | - | |
| wago | 750-8212_firmware | * | |
| wago | 750-8212 | - | |
| wago | 750-8213_firmware | * | |
| wago | 750-8213 | - | |
| wago | 750-8214_firmware | * | |
| wago | 750-8214 | - | |
| wago | 750-8216_firmware | * | |
| wago | 750-8216 | - | |
| wago | 750-8217_firmware | * | |
| wago | 750-8217 | - | |
| codesys | v2_web_server | * | |
| wago | 750-823_firmware | * | |
| wago | 750-823 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCDEBB8-1A23-470E-858E-113E382EF5C4",
"versionEndExcluding": "fw08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4795D0-B90B-4643-8713-88D89172D1A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412C2148-01BA-4EB5-9843-B88EF40FC49E",
"versionEndExcluding": "fw08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BAABD9-A10D-4904-AA02-C37C4490B47A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD51A1B9-5BD7-4458-BE90-18D1666B807E",
"versionEndExcluding": "fw08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11751A8B-FCFD-433B-9065-B4FC85168A93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C253BB7-B264-4FD3-8691-E11806C6E126",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57919AAB-2962-4543-810A-C143300351F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A7AD4D-EF15-4A2F-A5DB-69390238A4B8",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7712F56E-AEBA-4DE0-9172-26F3D29B369B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B26C1E90-3A58-441E-B2F6-56FF9A4807CE",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1379D65-F376-4618-B708-5E59D64C8033",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E9B30D-158F-4A96-904A-21A6B4E693FC",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD07A69-6741-446B-8D02-4F9BACDDD973",
"versionEndExcluding": "fw16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEAC4D9-15CF-44B8-844D-C012AA4637A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DB181E-1417-4B82-9A50-59E82F9968AB",
"versionEndExcluding": "fw08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA04FBFB-9E1C-4618-9FDC-70675506D8D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA876F0F-AA09-4972-B6D8-C1625E742ED9",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6739E1-EF0B-48EE-90FC-5708756FC362",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1199B32D-F6F2-473A-83F0-3E53735F7072",
"versionEndExcluding": "fw08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13D1FA8D-C8BA-4D1C-8372-DECD40177631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8D785A-E80C-42CA-8070-C50914A7442E",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0631884-FF6F-4AA9-9D76-CDECB5A738FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D510EFD-2F2E-42A9-BD92-B200CB22267A",
"versionEndExcluding": "fw15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03675DC5-0563-4742-90F1-85CCE629157E",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8178F4C-BD4B-4E22-95F9-5264FD29E557",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC5F373-F17C-441A-AB86-F22D624E744E",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C723A05-DC44-4F43-BEC2-EAD27E68804B",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40789CA2-C91E-4510-A759-51C01A86C3F2",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE72D10-8E25-4939-9255-23E8FED88449",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C86098FC-E63E-4676-8BA1-ADCA30795558",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED56607-5CA6-47F5-8C2A-AEF69CB4A9F7",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E11758B-46C3-4E57-943A-C9C073AE5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E03C56-1319-4EE2-BF99-A4BA861D8381",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD6B267-3E4B-4597-82A6-130D6F21C728",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2343C5B1-4905-405B-ACD7-375C31FC6C9A",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20BBC380-0F6E-4400-93AF-5B6CFEF00562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E486580C-8400-4235-A617-8DBF4F65F31D",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4969E8EB-EF09-47B9-8F03-37BB87CFD048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE5D039-B7BA-4876-9B3B-B41CCA778A98",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979A8E43-4285-4A7B-BB0B-E6888117862C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2AA067-9AA9-4D52-B609-C77CAD71CD33",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B854F74-173E-4523-BBA7-8FF7A9B9880E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8032A39-1795-4AB0-9822-8A16EFFD1AE0",
"versionEndExcluding": "03.06.19_\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B23CD8FD-FC7A-4E24-BF8F-648478D82645",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:v2_web_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1A7238-78B6-4521-92ED-B5761E68402E",
"versionEndExcluding": "1.1.9.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E02A0AE-7B50-4918-95DB-61598A7DA57F",
"versionEndExcluding": "fw08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB88572A-CB05-4B52-8BFC-05EFDC819244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check."
},
{
"lang": "es",
"value": "CODESYS V2 Web-Server versiones anteriores a 1.1.9.20, presenta una Comprobaci\u00f3n de Seguridad Implementada Inapropiadamente"
}
],
"id": "CVE-2021-30192",
"lastModified": "2025-08-15T20:27:29.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T13:15:17.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-M8J4-8JWG-MC3J
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-07-13 00:01
VLAI?
Details
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2021-30192"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-25T13:15:00Z",
"severity": "CRITICAL"
},
"details": "CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.",
"id": "GHSA-m8j4-8jwg-mc3j",
"modified": "2022-07-13T00:01:18Z",
"published": "2022-05-24T19:03:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30192"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
VDE-2021-014
Vulnerability from csaf_wagogmbhcokg - Published: 2021-05-20 09:08 - Updated: 2025-05-22 13:03Summary
WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3
Notes
Summary: Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC's.
Impact: The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerabilities, to manipulate and disrupt the CODESYS 2.3 Runtime.
Remediation: WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.
Series Ethernet Controller:
**Article No.** | **Fixed Version** | **Available** |
|-----------------------|-------------------|----------------|
| 750-823 | >=FW08 | June 2021 |
| 750-829 | >=FW15 | May 2021 |
| 750-831/000-00x | >=FW15 | May 2021 |
| 750-832/000-00x | >=FW08 | June 2021 |
| 750-852 | >=FW15 | May 2021 |
| 750-862 | >=FW08 | June 2021 |
| 750-880/0xx-xxx | >=FW16 | May 2021 |
| 750-881 | >=FW15 | May 2021 |
| 750-882 | >=FW15 | May 2021 |
| 750-885/0xx-xxx | >=FW15 | May 2021 |
| 750-889 | >=FW15 | May 2021 |
| 750-890/0xx-xxx | >=FW08 | June 2021 |
| 750-891 | >=FW08 | June 2021 |
| 750-893 | >=FW08 | June 2021 |
Series PFC200 Controller
| **Article No.** | **Fixed Patch** | **Patch Available** | **Fixed Firmware** | **Firmware Approx. Available** |
|------------------------|-----------------------|----------------------|--------------------|---------------------------------|
| 750-8202/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8203/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8204/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8206/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8207/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8208/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8210/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8211/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8212/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8213/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8214/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8216/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8217/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
Mitigation: 1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the CODESYS 2.3 Web-Visualisation and CODESYS 2.3 port 2455.
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html external link
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
6.8 (Medium)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
9.1 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
6.5 (Medium)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
5.3 (Medium)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
References
Acknowledgments
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Mathy Vanhoef"
],
"organization": "imec-DistriNet",
"summary": "reporting."
},
{
"names": [
"KU Leuven"
],
"organization": "krackattacks",
"summary": "reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC\u0027s.",
"title": "Summary"
},
{
"category": "description",
"text": "The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerabilities, to manipulate and disrupt the CODESYS 2.3 Runtime.",
"title": "Impact"
},
{
"category": "description",
"text": "WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller:\n **Article No.** | **Fixed Version** | **Available** |\n|-----------------------|-------------------|----------------|\n| 750-823 | \u003e=FW08 | June 2021 |\n| 750-829 | \u003e=FW15 | May 2021 |\n| 750-831/000-00x | \u003e=FW15 | May 2021 |\n| 750-832/000-00x | \u003e=FW08 | June 2021 |\n| 750-852 | \u003e=FW15 | May 2021 |\n| 750-862 | \u003e=FW08 | June 2021 |\n| 750-880/0xx-xxx | \u003e=FW16 | May 2021 |\n| 750-881 | \u003e=FW15 | May 2021 |\n| 750-882 | \u003e=FW15 | May 2021 |\n| 750-885/0xx-xxx | \u003e=FW15 | May 2021 |\n| 750-889 | \u003e=FW15 | May 2021 |\n| 750-890/0xx-xxx | \u003e=FW08 | June 2021 |\n| 750-891 | \u003e=FW08 | June 2021 |\n| 750-893 | \u003e=FW08 | June 2021 |\n\nSeries PFC200 Controller\n| **Article No.** | **Fixed Patch** | **Patch Available** | **Fixed Firmware** | **Firmware Approx. Available** |\n|------------------------|-----------------------|----------------------|--------------------|---------------------------------|\n| 750-8202/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8203/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8204/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8206/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8207/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8208/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8210/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8211/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8212/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8213/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8214/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8216/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8217/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n",
"title": "Remediation"
},
{
"category": "description",
"text": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 Web-Visualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html external link",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "external",
"summary": "WAGO advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2021-014: WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-014"
},
{
"category": "self",
"summary": "VDE-2021-014: WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-014.json"
}
],
"title": "WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3",
"tracking": {
"aliases": [
"VDE-2021-014"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-01-15T12:21:13.476Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.16"
}
},
"id": "VDE-2021-014",
"initial_release_date": "2021-05-20T09:08:00.000Z",
"revision_history": [
{
"date": "2021-05-15T09:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: version space, added distribution, quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-8202/xxx-xxx",
"product": {
"name": "750-8202/xxx-xxx",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "750-8203/xxx-xxx",
"product": {
"name": "750-8203/xxx-xxx",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "750-8204/xxx-xxx",
"product": {
"name": "750-8204/xxx-xxx",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "750-8206/xxx-xxx",
"product": {
"name": "750-8206/xxx-xxx",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "750-8207/xxx-xxx",
"product": {
"name": "750-8207/xxx-xxx",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "750-8208/xxx-xxx",
"product": {
"name": "750-8208/xxx-xxx",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "750-8210/xxx-xxx",
"product": {
"name": "750-8210/xxx-xxx",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "750-8211/xxx-xxx",
"product": {
"name": "750-8211/xxx-xxx",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "750-8212/xxx-xxx",
"product": {
"name": "750-8212/xxx-xxx",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "750-8213/xxx-xxx",
"product": {
"name": "750-8213/xxx-xxx",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "750-8214/xxx-xxx",
"product": {
"name": "750-8214/xxx-xxx",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "750-8216/xxx-xxx",
"product": {
"name": "750-8216/xxx-xxx",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "750-8217/xxx-xxx",
"product": {
"name": "750-8217/xxx-xxx",
"product_id": "CSAFPID-11013"
}
},
{
"category": "product_name",
"name": "750-823",
"product": {
"name": "750-823",
"product_id": "CSAFPID-11014"
}
},
{
"category": "product_name",
"name": "750-829",
"product": {
"name": "750-829",
"product_id": "CSAFPID-11015"
}
},
{
"category": "product_name",
"name": "750-831/000-00x",
"product": {
"name": "750-831/000-00x",
"product_id": "CSAFPID-11016"
}
},
{
"category": "product_name",
"name": "750-832/000-00x",
"product": {
"name": "750-832/000-00x",
"product_id": "CSAFPID-11017"
}
},
{
"category": "product_name",
"name": "750-852",
"product": {
"name": "750-852",
"product_id": "CSAFPID-11018"
}
},
{
"category": "product_name",
"name": "750-862",
"product": {
"name": "750-862",
"product_id": "CSAFPID-11019"
}
},
{
"category": "product_name",
"name": "750-880/0xx-xxx",
"product": {
"name": "750-880/0xx-xxx",
"product_id": "CSAFPID-11020"
}
},
{
"category": "product_name",
"name": "750-881",
"product": {
"name": "750-881",
"product_id": "CSAFPID-11021"
}
},
{
"category": "product_name",
"name": "750-882",
"product": {
"name": "750-882",
"product_id": "CSAFPID-11022"
}
},
{
"category": "product_name",
"name": "750-885/0xx-xxx",
"product": {
"name": "750-885/0xx-xxx",
"product_id": "CSAFPID-11023"
}
},
{
"category": "product_name",
"name": "750-889",
"product": {
"name": "750-889",
"product_id": "CSAFPID-11024"
}
},
{
"category": "product_name",
"name": "750-890/0xx-xxx",
"product": {
"name": "750-890/0xx-xxx",
"product_id": "CSAFPID-11025"
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11026"
}
},
{
"category": "product_name",
"name": "750-893",
"product": {
"name": "750-893",
"product_id": "CSAFPID-11027"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c03.06.19 (18)",
"product": {
"name": "Firmware \u003c03.06.19 (18)",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW06",
"product": {
"name": "Firmware \u003c=FW06",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW07",
"product": {
"name": "Firmware \u003c=FW07",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW14",
"product": {
"name": "Firmware \u003c=FW14",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW15",
"product": {
"name": "Firmware \u003c=FW15",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version",
"name": "FW08",
"product": {
"name": "Firmware FW08",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "FW15",
"product": {
"name": "Firmware FW15",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "FW16",
"product": {
"name": "Firmware FW16",
"product_id": "CSAFPID-22004"
}
},
{
"category": "patch_level",
"name": "03.06.19 (18)",
"product": {
"name": "Firmware 03.06.19 (18)",
"product_id": "CSAFPID-22005"
}
},
{
"category": "product_version",
"name": "FW19",
"product": {
"name": "Firmware FW19",
"product_id": "CSAFPID-22006"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8202/xxx-xxx",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8203/xxx-xxx",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8204/xxx-xxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8206/xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8207/xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8208/xxx-xxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8210/xxx-xxx",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8211/xxx-xxx",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8212/xxx-xxx",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8213/xxx-xxx",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8214/xxx-xxx",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8216/xxx-xxx",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-823",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-829",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-831/000-00x",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW06 installed on 750-832/000-00x",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-852",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-862",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW15 installed on 750-880/0xx-xxx",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-881",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-882",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-885/0xx-xxx",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-889",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-890/0xx-xxx",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-891",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-893",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-823",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-885/0xx-xxx installed on 750-829",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-32010",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-831/000-00x",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-832/000-00x",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-852",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-862",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW16 installed on 750-880/0xx-xxx",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-881",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-882",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-885/0xx-xxx",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-889",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-890/0xx-xxx",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-891",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-893",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8202/xxx-xxx",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8203/xxx-xxx",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8204/xxx-xxx",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8206/xxx-xxx",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8207/xxx-xxx",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8208/xxx-xxx",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8210/xxx-xxx",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8211/xxx-xxx",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8212/xxx-xxx",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8213/xxx-xxx",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8214/xxx-xxx",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8216/xxx-xxx",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8202/xxx-xxx",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8203/xxx-xxx",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8204/xxx-xxx",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8206/xxx-xxx",
"product_id": "CSAFPID-32031"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8207/xxx-xxx",
"product_id": "CSAFPID-32032"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8208/xxx-xxx",
"product_id": "CSAFPID-32033"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8210/xxx-xxx",
"product_id": "CSAFPID-32034"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8211/xxx-xxx",
"product_id": "CSAFPID-32035"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8212/xxx-xxx",
"product_id": "CSAFPID-32036"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8213/xxx-xxx",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8214/xxx-xxx",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8216/xxx-xxx",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-32040"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11013"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30192",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30192"
},
{
"cve": "CVE-2021-30193",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30193"
},
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-30189",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30189"
},
{
"cve": "CVE-2021-30190",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30190"
},
{
"cve": "CVE-2021-30194",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30194"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30195"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30186"
},
{
"cve": "CVE-2021-30191",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30191"
},
{
"cve": "CVE-2021-21000",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-21000"
},
{
"cve": "CVE-2021-21001",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-21001"
},
{
"cve": "CVE-2021-30187",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30187"
}
]
}
CNVD-2021-37670
Vulnerability from cnvd - Published: 2021-05-28
VLAI Severity ?
Title
3S-Smart Software Solutions CODESYS V2 Web-Server安全检查绕过漏洞
Description
3S-Smart Software Solutions CODESYS V2 Web-Server是德国3S-Smart Software Solutions公司的一个应用程序。一个web服务器。
3S-Smart Software Solutions CODESYS V2 Web-Server1.1.9.20之前版本存在安全检查绕过漏洞,攻击者可利用该漏洞绕过CODESYS Control runtime system与启动项目相关的文件的安全检查。
Severity
高
Patch Name
3S-Smart Software Solutions CODESYS V2 Web-Server安全检查绕过漏洞的补丁
Patch Description
3S-Smart Software Solutions CODESYS V2 Web-Server是德国3S-Smart Software Solutions公司的一个应用程序。一个web服务器。
3S-Smart Software Solutions CODESYS V2 Web-Server1.1.9.20之前版本存在安全检查绕过漏洞,攻击者可利用该漏洞绕过CODESYS Control runtime system与启动项目相关的文件的安全检查。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14726&token=553da5d11234bbe1ceed59969d419a71bb8c8747&download=
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-30192
Impacted products
| Name | 3S-Smart Software Solutions CODESYS V2 Web-Server <1.1.9.20 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-30192",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-30192"
}
},
"description": "3S-Smart Software Solutions CODESYS V2 Web-Server\u662f\u5fb7\u56fd3S-Smart Software Solutions\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u4e00\u4e2aweb\u670d\u52a1\u5668\u3002\n\n3S-Smart Software Solutions CODESYS V2 Web-Server1.1.9.20\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u68c0\u67e5\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7CODESYS Control runtime system\u4e0e\u542f\u52a8\u9879\u76ee\u76f8\u5173\u7684\u6587\u4ef6\u7684\u5b89\u5168\u68c0\u67e5\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14726\u0026token=553da5d11234bbe1ceed59969d419a71bb8c8747\u0026download=",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-37670",
"openTime": "2021-05-28",
"patchDescription": "3S-Smart Software Solutions CODESYS V2 Web-Server\u662f\u5fb7\u56fd3S-Smart Software Solutions\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u4e00\u4e2aweb\u670d\u52a1\u5668\u3002\r\n\r\n3S-Smart Software Solutions CODESYS V2 Web-Server1.1.9.20\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u68c0\u67e5\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7CODESYS Control runtime system\u4e0e\u542f\u52a8\u9879\u76ee\u76f8\u5173\u7684\u6587\u4ef6\u7684\u5b89\u5168\u68c0\u67e5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "3S-Smart Software Solutions CODESYS V2 Web-Server\u5b89\u5168\u68c0\u67e5\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "3S-Smart Software Solutions CODESYS V2 Web-Server \u003c1.1.9.20"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-30192",
"serverity": "\u9ad8",
"submitTime": "2021-05-26",
"title": "3S-Smart Software Solutions CODESYS V2 Web-Server\u5b89\u5168\u68c0\u67e5\u7ed5\u8fc7\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…