CVE-2021-33485
CRITICALCODESYS Control Runtime <3.5.17.10 - Buffer Overflow
Title source: llmDescription
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=
Scores
CVSS v3
9.8
EPSS
0.0114
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-122
CWE-787
Status
published
Products (7)
codesys/control
< 4.2.0.0 (9 CPE variants)
codesys/control_rte
< 3.5.17.10 (2 CPE variants)
codesys/control_runtime_system_toolkit
< 3.5.17.10
codesys/control_win_sl
< 3.5.17.10
codesys/embedded_target_visu_toolkit
< 3.5.17.10
codesys/hmi
< 3.5.17.10
codesys/remote_target_visu_toolkit
< 3.5.17.10
Published
Aug 03, 2021
Tracked Since
Feb 18, 2026