CVE-2021-29242

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_empc-a\/imx6_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_iot2000_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_linux_arm_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_linux_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_pfc100_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_pfc200_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_plcnext_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_raspberry_pi_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_for_wago_touch_panels_600_sl
3.0 ≤
𝑥
< 4.1.0.0
codesyscontrol_rte
3.0 ≤
𝑥
< 3.5.17.0
codesyscontrol_rte
3.0 ≤
𝑥
< 3.5.17.0
codesyscontrol_runtime_system_toolkit
3.0 ≤
𝑥
< 3.5.17.0
codesyscontrol_win
3.0 ≤
𝑥
< 3.5.17.0
codesysedge_gateway
3.0 ≤
𝑥
< 3.5.17.0
codesysedge_gateway
3.0 ≤
𝑥
< 4.1.0.0
codesysembedded_target_visu_toolkit
3.0 ≤
𝑥
< 3.5.17.0
codesysgateway
3.0 ≤
𝑥
< 3.5.17.0
codesyshmi
3.0 ≤
𝑥
< 3.5.17.0
codesysopc_server
3.0 ≤
𝑥
< 3.5.17.0
codesysplchandler
3.0 ≤
𝑥
< 3.5.17.0
codesysremote_target_visu_toolkit
3.0 ≤
𝑥
< 3.5.17.0
codesyssafety_sil
3.0 ≤
𝑥
< 3.5.17.0
codesyssimulation_runtime
3.0 ≤
𝑥
< 3.5.17.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=
https://www.codesys.com/security/security-reports.html
https://customers.codesys.com/index.php
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=
https://www.codesys.com/security/security-reports.html