CVE-2021-34584— CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34584
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区上溢读取
Source: NVD (National Vulnerability Database)
Vulnerability Title
CODESYS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CODESYS是德国3S-Smart Software Solutions的一套控制器开发系统 CODESYS V2 web server 1.1.9.22 之前版本存在安全漏洞,该漏洞源于精心制作的web服务器请求可以用来读取部分堆栈或堆内存,可能触发拒绝服务攻击,从而导致服务器崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CODESYS | CODESYS V2 | all web servers ~ V1.1.9.22 | - |
II. Public POCs for CVE-2021-34584
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-34584
请登录查看更多情报信息。
- https://www.tenable.com/security/research/tra-2021-47x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-34584
Same Patch Batch · CODESYS · 2021-10-26 · 7 CVEs total
| CVE-2021-34595 | 8.1 HIGH | CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service |
| CVE-2021-34593 | 7.5 HIGH | CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service |
| CVE-2021-34586 | 7.5 HIGH | CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS) |
| CVE-2021-34585 | 7.5 HIGH | CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invali |
| CVE-2021-34583 | 7.5 HIGH | CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS) |
| CVE-2021-34596 | 6.5 MEDIUM | CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service |
IV. Related Vulnerabilities
Same product: CODESYS V2
- CVE-2021-34596
CODESYS V2 runtime: Access of Uninitialized Pointer may resu - CVE-2021-34595
CODESYS V2 runtime: out-of-bounds read or write access may r - CVE-2021-34593
CODESYS V2 runtime: unauthenticated invalid requests may res - CVE-2021-34586
CODESYS V2 web server: crafted requests could trigger a null - CVE-2021-34585
CODESYS V2 web server: crafted requests could trigger a poin
Same vendor: CODESYS
- CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-41660
CODESYS Control Boot Application Replacement Enables Code Ex - CVE-2026-2364
CODESYS Installer TOCTOU Privilege Escalation - CVE-2025-41700
CODESYS Development System - Deserialization of Untrusted Da
V. Comments for CVE-2021-34584
No comments yet