CVE-2021-29242

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

Link	Resource
https://customers.codesys.com/index.php	Permissions Required Vendor Advisory
https://www.codesys.com/security/security-reports.html	Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=	Vendor Advisory

Configuration 1

cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:* cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:safety_sil:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:* cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:* cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*

---

Published : 2021-05-03 02:15

Updated : 2021-09-14 06:18

---

NVD link : CVE-2021-29242

Mitre link : CVE-2021-29242

No products.

CWE-20