CVE-2021-34584

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=	Vendor Advisory
https://www.tenable.com/security/research/tra-2021-47	Exploit Third Party Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=	Vendor Advisory
https://www.tenable.com/security/research/tra-2021-47	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*

Configuration 28 (hide)

cpe:2.3:a:codesys:codesys:*:*:*:*:*:*:*:*

History

15 Aug 2025, 20:26

Type	Values Removed	Values Added
CPE		cpe:2.3:o:wago:750-885_firmware:::::::: cpe:2.3:h:wago:750-862:-:::::::* cpe:2.3:h:wago:750-891:-:::::::* cpe:2.3:h:wago:750-8204:-:::::::* cpe:2.3:o:wago:750-8213_firmware:::::::: cpe:2.3:o:wago:750-8210_firmware:::::::: cpe:2.3:h:wago:750-885:-:::::::* cpe:2.3:h:wago:750-832:-:::::::* cpe:2.3:h:wago:750-8202:-:::::::* cpe:2.3:h:wago:750-8206:-:::::::* cpe:2.3:h:wago:750-8216:-:::::::* cpe:2.3:h:wago:750-882:-:::::::* cpe:2.3:h:wago:750-831:-:::::::* cpe:2.3:h:wago:750-823:-:::::::* cpe:2.3:h:wago:750-852:-:::::::* cpe:2.3:o:wago:750-889_firmware:::::::: cpe:2.3:o:wago:750-890_firmware:::::::: cpe:2.3:h:wago:750-893:-:::::::* cpe:2.3:o:wago:750-8204_firmware:::::::: cpe:2.3:o:wago:750-8206_firmware:::::::: cpe:2.3:h:wago:750-8203:-:::::::* cpe:2.3:h:wago:750-880:-:::::::* cpe:2.3:o:wago:750-829_firmware:::::::: cpe:2.3:o:wago:750-8214_firmware:::::::: cpe:2.3:h:wago:750-881:-:::::::* cpe:2.3:o:wago:750-8203_firmware:::::::: cpe:2.3:o:wago:750-8211_firmware:::::::: cpe:2.3:h:wago:750-8212:-:::::::* cpe:2.3:o:wago:750-8216_firmware:::::::: cpe:2.3:o:wago:750-893_firmware:::::::: cpe:2.3:o:wago:750-881_firmware:::::::: cpe:2.3:h:wago:750-8208:-:::::::* cpe:2.3:o:wago:750-8202_firmware:::::::: cpe:2.3:h:wago:750-8210:-:::::::* cpe:2.3:o:wago:750-880_firmware:::::::: cpe:2.3:o:wago:750-8207_firmware:::::::: cpe:2.3:h:wago:750-8213:-:::::::* cpe:2.3:o:wago:750-832_firmware:::::::: cpe:2.3:o:wago:750-8217_firmware:::::::: cpe:2.3:o:wago:750-831_firmware:::::::: cpe:2.3:h:wago:750-829:-:::::::* cpe:2.3:h:wago:750-889:-:::::::* cpe:2.3:h:wago:750-8211:-:::::::* cpe:2.3:o:wago:750-891_firmware:::::::: cpe:2.3:o:wago:750-823_firmware:::::::: cpe:2.3:h:wago:750-8214:-:::::::* cpe:2.3:h:wago:750-8217:-:::::::* cpe:2.3:o:wago:750-852_firmware:::::::: cpe:2.3:h:wago:750-890:-:::::::* cpe:2.3:h:wago:750-8207:-:::::::* cpe:2.3:o:wago:750-8212_firmware:::::::: cpe:2.3:o:wago:750-882_firmware:::::::: cpe:2.3:o:wago:750-8208_firmware:::::::: cpe:2.3:o:wago:750-862_firmware::::::::
First Time		Wago 750-8213 Firmware Wago 750-8214 Firmware Wago 750-882 Firmware Wago 750-889 Firmware Wago 750-823 Firmware Wago 750-8202 Wago 750-831 Wago 750-891 Firmware Wago 750-891 Wago 750-8213 Wago 750-8206 Wago 750-8210 Wago 750-8208 Wago 750-8211 Wago 750-8217 Firmware Wago 750-882 Wago 750-8202 Firmware Wago 750-890 Firmware Wago 750-852 Firmware Wago Wago 750-885 Wago 750-832 Firmware Wago 750-8217 Wago 750-880 Firmware Wago 750-862 Firmware Wago 750-8210 Firmware Wago 750-823 Wago 750-831 Firmware Wago 750-8203 Wago 750-829 Wago 750-8204 Wago 750-890 Wago 750-8208 Firmware Wago 750-8207 Firmware Wago 750-881 Firmware Wago 750-880 Wago 750-881 Wago 750-862 Wago 750-829 Firmware Wago 750-8206 Firmware Wago 750-832 Wago 750-885 Firmware Wago 750-8216 Wago 750-8214 Wago 750-8207 Wago 750-8203 Firmware Wago 750-8212 Wago 750-8211 Firmware Wago 750-8204 Firmware Wago 750-852 Wago 750-889 Wago 750-893 Wago 750-893 Firmware Wago 750-8212 Firmware Wago 750-8216 Firmware

21 Nov 2024, 06:10

Type	Values Removed	Values Added
References	~~() https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download= - Vendor Advisory~~	() https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download= - Vendor Advisory
References	~~() https://www.tenable.com/security/research/tra-2021-47 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2021-47 - Exploit, Third Party Advisory

Information

Published : 2021-10-26 10:15

Updated : 2025-08-15 20:26

NVD link : CVE-2021-34584

Mitre link : CVE-2021-34584

CVE.ORG link : CVE-2021-34584

JSON object : View

Products Affected

wago

750-8207_firmware
750-852
750-8206_firmware
750-8214
750-823
750-8216
750-8217
750-880
750-8217_firmware
750-893_firmware
750-832_firmware
750-8213
750-852_firmware
750-829_firmware
750-882
750-862_firmware
750-8210_firmware
750-8210
750-8208
750-8212_firmware
750-8203_firmware
750-890_firmware
750-889_firmware
750-831
750-893
750-889
750-829
750-8216_firmware
750-823_firmware
750-8212
750-881_firmware
750-880_firmware
750-882_firmware
750-890
750-8214_firmware
750-8204_firmware
750-885_firmware
750-885
750-8204
750-8207
750-8211
750-8206
750-891
750-8213_firmware
750-881
750-8208_firmware
750-831_firmware
750-832
750-891_firmware
750-8211_firmware
750-8202
750-8203
750-862
750-8202_firmware

codesys

codesys

CWE

CWE-126

Buffer Over-read

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-34584

9.1^/10

6.4^/10

Attach tags to `CVE-2021-34584`