GCVE - cpe:2.3:a:codesys:codesys:3.5.17.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:codesys:codesys:3.5.17.0:*:*:*:*:*:*:*

part: a version: 3.5.17.0 update: *

Vendor	Codesys (`4a5dbd6f-1914-5b18-8641-403ab498c199`)
Product	Codesys (`ce2275e0-858a-5521-bade-0722e05594e3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-21869`	vulnerable	2026-06-03 14:43:46.084539	Details available HIGH (8.8) An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Published: 2021-08-25T18:16:38.000Z Updated: 2024-08-03T18:23:29.546Z Open on db.gcve.eu Reference links https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1306	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-21868`	vulnerable	2026-06-03 14:43:46.084134	Details available HIGH (8.8) An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Published: 2021-08-18T14:35:11.000Z Updated: 2024-08-03T18:23:29.614Z Open on db.gcve.eu Reference links https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download= https://talosintelligence.com/vulnerability_reports/TALOS-2021-1305	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-21867`	vulnerable	2026-06-03 14:43:46.083659	Details available HIGH (8.8) An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Published: 2021-08-18T14:34:52.000Z Updated: 2024-08-03T18:23:29.533Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2021-1304 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.