exploitDog

GHSA-c9pr-m29p-3rp7

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

Ссылки

EPSS

Процентиль: 19%

0.00062

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2021-21865

CVSS3: 7.8

nvd

больше 4 лет назад

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

BDU:2023-02707

CVSS3: 7.8

fstec

больше 3 лет назад

Уязвимость функции ExtensionMethods.Clone() комплекса прикладного программирования ПЛК CODESYS Development System, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 19%

0.00062

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-502