First published: Thu Aug 05 2021 (Updated: )
An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CODESYS Development System | =3.5.16.0 | |
| CODESYS Development System | =3.5.17.0 | |
The vulnerability ID is CVE-2021-21863.
The severity of CVE-2021-21863 is high with a CVSS severity score of 7.8.
CODESYS Development System versions 3.5.16 and 3.5.17 are affected by CVE-2021-21863.
The vulnerability occurs due to an unsafe deserialization issue in the ComponentModel Profile.FromFile() functionality of CODESYS Development System.
Yes, an attacker can exploit the vulnerability to execute arbitrary commands by providing a specially crafted file.