How severe is CVE-2021-33542?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2021-33542?

This is classified as CWE-824, which is a common weakness in software security.

CVE-2021-33542 - HIGH Severity | CVSS 7

Vulnerability Description

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

Related Vulnerabilities

CVE-2023-34288

HIGH

CVSS:7.0(High)

Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar...

CWE-8242023

CVE-2018-19018

HIGH

CVSS:7.3(High)

An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted projec...

CWE-8242018

CVE-2022-1809

HIGH

CVSS:7.4(High)

Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.

CWE-8242022

CVE-2016-10447

HIGH

CVSS:7.5(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 61...

CWE-8242016

CVE-2018-1000099

HIGH

CVSS:7.5(High)

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a ...

CWE-8242018

CVE-2018-11803

HIGH

CVSS:7.5(High)

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory lis...

CWE-8242018