CVE-2021-29242

EPSS 0.44%
Published 03.05.2021 14:15:07
Last modified 21.11.2024 06:00:52
Source cve@mitre.org
Teams watchlist Login
Open Login

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Codesys ≫ Control For Beaglebone Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Empc-a/imx6 Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Iot2000 Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Linux Arm Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Linux Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Pfc100 Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Pfc200 Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Plcnext Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Raspberry Pi Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control For Wago Touch Panels 600 Sl Version >= 3.0 < 4.1.0.0

Codesys ≫ Control Rte Version >= 3.0 < 3.5.17.0

Codesys ≫ Control Rte SwPlatformbeckhoff_cx Version >= 3.0 < 3.5.17.0

Codesys ≫ Control Runtime System Toolkit Version >= 3.0 < 3.5.17.0

Codesys ≫ Control Win Version >= 3.0 < 3.5.17.0

Codesys ≫ Edge Gateway SwPlatformwindows Version >= 3.0 < 3.5.17.0

Codesys ≫ Edge Gateway SwPlatformlinux Version >= 3.0 < 4.1.0.0

Codesys ≫ Embedded Target Visu Toolkit Version >= 3.0 < 3.5.17.0

Codesys ≫ Gateway Version >= 3.0 < 3.5.17.0

Codesys ≫ Hmi Version >= 3.0 < 3.5.17.0

Codesys ≫ Opc Server Version >= 3.0 < 3.5.17.0

Codesys ≫ Plchandler Version >= 3.0 < 3.5.17.0

Codesys ≫ Remote Target Visu Toolkit Version >= 3.0 < 3.5.17.0

Codesys ≫ Safety Sil Version >= 3.0 < 3.5.17.0

Codesys ≫ Simulation Runtime Version >= 3.0 < 3.5.17.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.44%	0.622

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://customers.codesys.com/index.php

Vendor Advisory

Permissions Required

https://www.codesys.com/security/security-reports.html

Vendor Advisory

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29242

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29242

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29242

EUVD