CVE-2021-29242

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2021-29242
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://customers.codesys.com/index.php Permissions Required Vendor Advisory
https://www.codesys.com/security/security-reports.html Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*
cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*
cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*
Information

Published : 2021-05-03 07:15

Updated : 2021-09-14 11:18

NVD link : CVE-2021-29242

Mitre link : CVE-2021-29242

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

codesys

  • control_for_plcnext_sl
  • edge_gateway
  • control_for_linux_arm_sl
  • plchandler
  • control_for_empc-a\/imx6_sl
  • simulation_runtime
  • control_runtime_system_toolkit
  • control_for_linux_sl
  • control_for_pfc200_sl
  • control_for_iot2000_sl
  • remote_target_visu_toolkit
  • gateway
  • control_for_raspberry_pi_sl
  • control_for_wago_touch_panels_600_sl
  • safety_sil
  • hmi
  • control_rte
  • control_for_pfc100_sl
  • embedded_target_visu_toolkit
  • control_for_beaglebone_sl
  • control_win
  • opc_server