Vulnerabilities > CVE-2021-36764 - NULL Pointer Dereference vulnerability in Codesys Gateway

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

codesys

CWE-476

NVD

Published: 2021-08-04

Updated: 2021-08-11

Summary

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Vulnerable Configurations

Part	Description	Count
Application	Codesys Codesys Gateway 3.0 Codesys Gateway 3.5.8.60 Codesys Gateway 3.5.14.0 Codesys Gateway 3.5.14.20 Codesys Gateway 3.5.15.0 Codesys Gateway 3.5.15.30 Codesys Gateway 3.5.16.70 Codesys Gateway 3.5.17.0	8

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=