Vulnerability-Lookup

VDE-2021-049

Vulnerability from csaf_wagogmbhcokg - Published: 2021-11-16 12:05 - Updated: 2025-05-22 13:03

Summary

WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3

Notes

Summary: A Denial-of-Service Vulnerability was reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC's. All vulnerable PLCs are listed in chapter 'Affected Products'.

Impact: The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerability, to manipulate and disrupt the CODESYS 2.3 Runtime of the device.

Mitigation: 1. Use general security best practices to protect systems from local and network attacks. 2. Do not allow direct access to the device from untrusted networks. 3. Update to the latest firmware according to the table in chapter solutions. 4. Disable the CODESYS 2.3 port 2455.

CVE-2021-34593

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 - Improper Handling of Exceptional Conditions

Mitigation 1. Use general security best practices to protect systems from local and network attacks. 2. Do not allow direct access to the device from untrusted networks. 3. Update to the latest firmware according to the table in chapter solutions. 4. Disable the CODESYS 2.3 port 2455.

Affected products

Known affected 13 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—
Unresolved product id: CSAFPID-31012		—
Unresolved product id: CSAFPID-31013		—

Fixed 13 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-32001		—
Unresolved product id: CSAFPID-32002		—
Unresolved product id: CSAFPID-32003		—
Unresolved product id: CSAFPID-32004		—
Unresolved product id: CSAFPID-32005		—
Unresolved product id: CSAFPID-32006		—
Unresolved product id: CSAFPID-32007		—
Unresolved product id: CSAFPID-32008		—
Unresolved product id: CSAFPID-32009		—
Unresolved product id: CSAFPID-32010		—
Unresolved product id: CSAFPID-32011		—
Unresolved product id: CSAFPID-32012		—
Unresolved product id: CSAFPID-32013		—

References

3 references

URL	Category
https://certvde.com/en/advisories/vendor/wago/	external
https://certvde.com/de/advisories/VDE-2020-015/	self
https://wago.csaf-tp.certvde.com/.well-known/csaf…	self

Acknowledgments

CERTVDE certvde.com

SEC Consult Vulnerability Lab. Steffen Robertz and Gerhard Hechenberger

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Steffen Robertz and Gerhard Hechenberger"
        ],
        "organization": "SEC Consult Vulnerability Lab.",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A Denial-of-Service Vulnerability was reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC\u0027s. All vulnerable PLCs are listed in chapter \u0027Affected Products\u0027.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerability, to manipulate and disrupt the CODESYS 2.3 Runtime of the device.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "1. Use general security best practices to protect systems from local and network attacks. \n 2. Do not allow direct access to the device from untrusted networks. \n 3. Update to the latest firmware according to the table in chapter solutions. \n 4. Disable the CODESYS 2.3 port 2455. ",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/en/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-049: WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3 - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2020-015/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-049: WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3 - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-049.json"
      }
    ],
    "title": "WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3",
    "tracking": {
      "aliases": [
        "VDE-2021-049"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2025-02-25T09:30:03.350Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.18"
        }
      },
      "id": "VDE-2021-049",
      "initial_release_date": "2021-11-16T12:05:00.000Z",
      "revision_history": [
        {
          "date": "2021-11-16T12:05:00.000Z",
          "number": "1",
          "summary": "initial revision"
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "2",
          "summary": "Fix: version space, added distribution, quotation mark"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "750-8202/xxx-xxx",
                "product": {
                  "name": "750-8202/xxx-xxx",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "750-8203/xxx-xxx",
                "product": {
                  "name": "750-8203/xxx-xxx",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "750-8204/xxx-xxx",
                "product": {
                  "name": "750-8204/xxx-xxx",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "750-8206/xxx-xxx",
                "product": {
                  "name": "750-8206/xxx-xxx",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "750-8207/xxx-xxx",
                "product": {
                  "name": "750-8207/xxx-xxx",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "750-8208/xxx-xxx",
                "product": {
                  "name": "750-8208/xxx-xxx",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "750-8210/xxx-xxx",
                "product": {
                  "name": "750-8210/xxx-xxx",
                  "product_id": "CSAFPID-11007"
                }
              },
              {
                "category": "product_name",
                "name": "750-8211/xxx-xxx",
                "product": {
                  "name": "750-8211/xxx-xxx",
                  "product_id": "CSAFPID-11008"
                }
              },
              {
                "category": "product_name",
                "name": "750-8212/xxx-xxx",
                "product": {
                  "name": "750-8212/xxx-xxx",
                  "product_id": "CSAFPID-11009"
                }
              },
              {
                "category": "product_name",
                "name": "750-8213/xxx-xxx",
                "product": {
                  "name": "750-8213/xxx-xxx",
                  "product_id": "CSAFPID-11010"
                }
              },
              {
                "category": "product_name",
                "name": "750-8214/xxx-xxx",
                "product": {
                  "name": "750-8214/xxx-xxx",
                  "product_id": "CSAFPID-11011"
                }
              },
              {
                "category": "product_name",
                "name": "750-8216/xxx-xxx",
                "product": {
                  "name": "750-8216/xxx-xxx",
                  "product_id": "CSAFPID-11012"
                }
              },
              {
                "category": "product_name",
                "name": "750-8217/xxx-xxx",
                "product": {
                  "name": "750-8217/xxx-xxx",
                  "product_id": "CSAFPID-11013"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW19",
                "product": {
                  "name": "Firmware \u003c=FW19",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "FW20",
                "product": {
                  "name": "Firmware FW20",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO GmbH \u0026 Co. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013"
        ],
        "summary": "Fixed Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8202/xxx-xxx",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8202/xxx-xxx",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8203/xxx-xxx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8203/xxx-xxx",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8204/xxx-xxx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8204/xxx-xxx",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8206/xxx-xxx",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8206/xxx-xxx",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8207/xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8207/xxx-xxx",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8208/xxx-xxx",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8208/xxx-xxx",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8210/xxx-xxx",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8210/xxx-xxx",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8211/xxx-xxx",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8211/xxx-xxx",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8212/xxx-xxx",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8212/xxx-xxx",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8213/xxx-xxx",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8213/xxx-xxx",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8214/xxx-xxx",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8214/xxx-xxx",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8216/xxx-xxx",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8216/xxx-xxx",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW19 installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-34593",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks. \n 2. Do not allow direct access to the device from untrusted networks. \n 3. Update to the latest firmware according to the table in chapter solutions. \n 4. Disable the CODESYS 2.3 port 2455.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013"
          ]
        }
      ],
      "title": "CVE-2021-34593"
    }
  ]
}

CVE-2021-34593 (GCVE-0-2021-34593)

Vulnerability from cvelistv5 – Published: 2021-10-26 09:55 – Updated: 2024-09-17 04:10

Title

CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

Summary

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

CERTVDE

References

4 references

URL	Tags
https://customers.codesys.com/index.php?eID=dumpF…	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Oct/64	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/164716/CODES…	x_refsource_MISC
http://packetstormsecurity.com/files/165874/WAGO-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
CODESYS	CODESYS V2	Affected: Runtime Toolkit 32 bit full , < V2.4.7.56 (custom) Affected: PLCWinNT , < V2.4.7.56 (custom)

Date Public ?

2021-10-25 00:00

Credits

This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:47.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16877\u0026token=8faab0fc1e069f4edfca5d5aba8146139f67a175\u0026download="
          },
          {
            "name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/64"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CODESYS V2",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.56",
              "status": "affected",
              "version": "Runtime Toolkit 32 bit full",
              "versionType": "custom"
            },
            {
              "lessThan": "V2.4.7.56",
              "status": "affected",
              "version": "PLCWinNT",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."
        }
      ],
      "datePublic": "2021-10-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T19:06:19.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16877\u0026token=8faab0fc1e069f4edfca5d5aba8146139f67a175\u0026download="
        },
        {
          "name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/64"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."
        }
      ],
      "source": {
        "defect": [
          "VDE-2021-049"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-10-25T14:00:00.000Z",
          "ID": "CVE-2021-34593",
          "STATE": "PUBLIC",
          "TITLE": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CODESYS V2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Runtime Toolkit 32 bit full",
                            "version_value": "V2.4.7.56"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "PLCWinNT",
                            "version_value": "V2.4.7.56"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CODESYS"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-755 Improper Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16877\u0026token=8faab0fc1e069f4edfca5d5aba8146139f67a175\u0026download=",
              "refsource": "CONFIRM",
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16877\u0026token=8faab0fc1e069f4edfca5d5aba8146139f67a175\u0026download="
            },
            {
              "name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Oct/64"
            },
            {
              "name": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."
          }
        ],
        "source": {
          "defect": [
            "VDE-2021-049"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34593",
    "datePublished": "2021-10-26T09:55:51.381Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:10:03.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2021-049

CVE-2021-34593 (GCVE-0-2021-34593)

Tags

Sightings

Nomenclature