CVE Vulnerabilities in 2021

61 documented vulnerabilities published in 2021.

All CVEs from 2021

CVE-2021-33485
9.8 critical

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

Codesys Control Aug 3, 2021
CVE-2021-22779
9.1 critical

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack Re

Schneider-Electric Ecostruxure Control Expert Jul 14, 2021
CVE-2021-33012
8.6 high

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will ca

Rockwellautomation Micrologix 1100 Firmware Jul 9, 2021
CVE-2021-22768
9.8 critical

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767

Schneider-Electric Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22767
9.8 critical

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276

Schneider-Electric Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22766
7.5 high

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet

Schneider-Electric Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22765
9.8 critical

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

Schneider-Electric Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22764
5.3 medium

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially

Schneider-Electric Powerlogic Pm5560 Firmware Jun 11, 2021
CVE-2021-22763
9.8 critical

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to a device.

Schneider-Electric Powerlogic Pm5560 Firmware Jun 11, 2021
CVE-2021-22897
5.3 medium

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising

Haxx Curl Jun 11, 2021
CVE-2021-21735
6.5 medium

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V

Zte Zxhn H168N Firmware Jun 10, 2021
CVE-2021-32926
7.5 high

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All

Rockwellautomation Micro800 Firmware Jun 3, 2021
CVE-2021-3522
5.5 medium

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

Gstreamer Gstreamer Jun 2, 2021
CVE-2020-15782
9.8 critical

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU f

Siemens Simatic Driver Controller Firmware May 28, 2021
CVE-2021-27562
5.5 medium

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

Trustedfirmware Trusted Firmware-M May 25, 2021
CVE-2021-32032
7.5 high

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.

Trustedfirmware Trusted Firmware-M May 21, 2021
CVE-2021-27386
7.5 high

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Wincc Runtime Advanced May 12, 2021
CVE-2021-27385
7.5 high

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Wincc Runtime Advanced May 12, 2021
CVE-2021-27384
9.8 critical

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Wincc Runtime Advanced May 12, 2021
CVE-2021-27383
7.5 high

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Wincc Runtime Advanced May 12, 2021
CVE-2021-25662
7.5 high

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Wincc Runtime Advanced May 12, 2021
CVE-2021-25661
7.5 high

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Wincc Runtime Advanced May 12, 2021
CVE-2021-25660
7.5 high

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl.

Siemens Simatic Hmi Comfort Outdoor Panels 7" Firmware May 12, 2021
CVE-2020-26146
5.3 medium

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented fra

Samsung Galaxy I9305 Firmware May 11, 2021