CVE Vulnerability

CVE-2021-34593

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download= Vendor Advisory
http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/64 Mailing List Third Party Advisory
http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*
Information

Published : 2021-10-26 10:15

Updated : 2022-04-12 06:05

NVD link : CVE-2021-34593

Mitre link : CVE-2021-34593

Products Affected
No products.
CWE
CWE-755