NULL Pointer Dereference in CODESYS Gateway Affects Multiple Versions
CVE-2021-29241

7.5HIGH

Key Information:

Vendor

Codesys

Status
Control For Pfc100 Sl
Control For Pfc200 Sl
Control For Raspberry Pi Sl
Control For Linux Sl
Vendor
CVE Published:
3 May 2021

What is CVE-2021-29241?

The CODESYS Gateway prior to version 3.5.16.70 contains a NULL pointer dereference vulnerability that could lead to a denial of service (DoS) condition. This issue may disrupt service availability and affect the performance of systems relying on this software. Users are advised to update to the latest version to mitigate this security risk.

References

https://customers.codesys.com/index.php
x_refsource_MISC
https://customers.codesys.com/index.php?eID=dumpFile&t=f&...
x_refsource_MISC
https://www.codesys.com/security/security-reports.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.