Описание
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Ссылки
- MitigationPatchThird Party Advisory
- ExploitThird Party Advisory
- MitigationPatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Уязвимость плагина Engine.plugin комплекса прикладного программирования ПЛК CODESYS Development System, позволяющая нарушителю выполнить произвольную команду
EPSS
8.8 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2