CVE-2021-21867 - Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part: Application
Description: Codesys
Count: 2

Common Weakness Enumeration (CWE)